Listen to this Post
The CVE-2025-22011 vulnerability occurs in the Linux kernel’s power management system for Broadcom BCM2711-based devices (like Raspberry Pi CM4). During suspend-to-idle (s2idle) state transitions, a conflict between `raspberrypi-power` and `bcm2835-power` drivers causes improper xHCI (USB controller) power domain handling. When resuming from low-power states, the VPU firmware crashes due to failed power restoration (-110 timeout error). The issue stems from simultaneous usage of two competing power management drivers, leading to unstable USB controller reactivation.
DailyCVE Form:
Platform: Linux Kernel
Version: BCM2711 devices
Vulnerability: Power domain conflict
Severity: Medium
Date: 04/10/2025
What Undercode Say:
Exploitation:
1. Trigger s2idle:
echo freeze > /sys/power/state
2. Monitor crash logs:
dmesg | grep "Failed to set power"
Mitigation:
1. Apply kernel patch for BCM2711 DTS:
// arm/boot/dts/bcm2711.dtsi
&xhci {
power-domains = <&power RPI_POWER_DOMAIN_USB>;
};
2. Blacklist conflicting driver:
echo "blacklist bcm2835-power" > /etc/modprobe.d/disable-bcm2835.conf
Debugging:
1. Check power domains:
ls /sys/power
2. Force USB power reset:
uhubctl -a off -l 1-1 && uhubctl -a on -l 1-1
Analytics:
- Affects Raspberry Pi CM4/400 with kernel <5.15.92
- CVSS:4.0 AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H
- Failure rate: 100% during s2idle cycles
Detection:
grep -q "bcm2835-power" /proc/modules && echo "VULNERABLE"
Permanent Fix:
Rebuild kernel with patched DTS:
make ARCH=arm CROSS_COMPILE=arm-linux-gnueabihf- bcm2711_defconfig
References:
Reported By: https://nvd.nist.gov/vuln/detail/CVE-2025-22011
Extra Source Hub:
Undercode

