CVE-2025-22011
MEDIUM EPSS 6.6%
Published Apr 8, 20251y ago · Modified Jun 17, 20262w ago
5.5 CVSS 3.1
Published Apr 8, 2025 1y ago
Last Modified Jun 17, 2026 2w ago
Description
In the Linux kernel, the following vulnerability has been resolved: ARM: dts: bcm2711: Fix xHCI power-domain During s2idle tests on the Raspberry CM4 the VPU firmware always crashes on xHCI power-domain resume: root@raspberrypi:/sys/power# echo freeze > state [ 70.724347] xhci_suspend finished [ 70.727730] xhci_plat_suspend finished [ 70.755624] bcm2835-power bcm2835-power: Power grafx off [ 70.761127] USB: Set power to 0 [ 74.653040] USB: Failed to set power to 1 (-110) This seems to be caused because of the mixed usage of raspberrypi-power and bcm2835-power at the same time. So avoid the usage of the VPU firmware power-domain driver, which prevents the VPU crash.
CVSS Details
Base Score
Exploitability
Impact
Vector string
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H Attack Vector Local
Attack Complexity Low
Privileges Required Low
User Interaction None
Scope Unchanged
Confidentiality None
Integrity None
Availability High
Threat Intelligence
EPSS Exploit Probability
6.6% percentile
Exploit & Patch Status
No Known Exploit
Patch Available
Affected Products 9
References 3
- git.kernel.org https://git.kernel.org/stable/c/393947e06867923d4c2be380d46efd03407a8ce2
- git.kernel.org https://git.kernel.org/stable/c/b8a47aa0b3df701d0fc41b3caf78d00571776be0
- git.kernel.org https://git.kernel.org/stable/c/f44fa354a0715577ca32b085f6f60bcf32c748dd
Remediation
- git.kernel.org https://git.kernel.org/stable/c/393947e06867923d4c2be380d46efd03407a8ce2
- git.kernel.org https://git.kernel.org/stable/c/b8a47aa0b3df701d0fc41b3caf78d00571776be0
- git.kernel.org https://git.kernel.org/stable/c/f44fa354a0715577ca32b085f6f60bcf32c748dd