A subtle but dangerous correctness bug in the Linux kernel’s ChromeOS EC keyboard driver has been assigned CVE‑2025‑40263: a defensive‑coding oversight allows the driver to dereference a NULL input device pointer when it receives a particular EC event while the driver intentionally omitted...
