Vulnerability Database

296,172

Total vulnerabilities in the database

CVE-2025-22011

In the Linux kernel, the following vulnerability has been resolved:

ARM: dts: bcm2711: Fix xHCI power-domain

During s2idle tests on the Raspberry CM4 the VPU firmware always crashes on xHCI power-domain resume:

root@raspberrypi:/sys/power# echo freeze > state [ 70.724347] xhci_suspend finished [ 70.727730] xhci_plat_suspend finished [ 70.755624] bcm2835-power bcm2835-power: Power grafx off [ 70.761127] USB: Set power to 0

[ 74.653040] USB: Failed to set power to 1 (-110)

This seems to be caused because of the mixed usage of raspberrypi-power and bcm2835-power at the same time. So avoid the usage of the VPU firmware power-domain driver, which prevents the VPU crash.

  • Published: Apr 8, 2025
  • Updated: May 4, 2025
  • CVE: CVE-2025-22011
  • Severity: Medium
  • Exploit:

CVSS v3:

  • Severity: Medium
  • Score: 5.5
  • AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

No CWE or OWASP classifications available.

Software From Fixed in
linux / linux_kernel 6.14-rc1 6.14-rc1.x
linux / linux_kernel 6.14-rc2 6.14-rc2.x
linux / linux_kernel 6.14-rc3 6.14-rc3.x
linux / linux_kernel 6.14-rc4 6.14-rc4.x
linux / linux_kernel 6.13 6.13.9
linux / linux_kernel 6.8 6.12.21
linux / linux_kernel 6.14-rc5 6.14-rc5.x
linux / linux_kernel 6.14-rc6 6.14-rc6.x
linux / linux_kernel 6.14-rc7 6.14-rc7.x