Linux Kernel, Power Management Vulnerability, CVE-2025-22011 (Medium)

Listen to this Post

The CVE-2025-22011 vulnerability occurs in the Linux kernel’s power management system for Broadcom BCM2711-based devices (like Raspberry Pi CM4). During suspend-to-idle (s2idle) state transitions, a conflict between `raspberrypi-power` and `bcm2835-power` drivers causes improper xHCI (USB controller) power domain handling. When resuming from low-power states, the VPU firmware crashes due to failed power restoration (-110 timeout error). The issue stems from simultaneous usage of two competing power management drivers, leading to unstable USB controller reactivation.

DailyCVE Form:

Platform: Linux Kernel
Version: BCM2711 devices
Vulnerability: Power domain conflict
Severity: Medium
Date: 04/10/2025

What Undercode Say:

Exploitation:

1. Trigger s2idle:

echo freeze > /sys/power/state

2. Monitor crash logs:

dmesg | grep "Failed to set power"

Mitigation:

1. Apply kernel patch for BCM2711 DTS:

// arm/boot/dts/bcm2711.dtsi
&xhci {
power-domains = <&power RPI_POWER_DOMAIN_USB>;
};

2. Blacklist conflicting driver:

echo "blacklist bcm2835-power" > /etc/modprobe.d/disable-bcm2835.conf

Debugging:

1. Check power domains:

ls /sys/power

2. Force USB power reset:

uhubctl -a off -l 1-1 && uhubctl -a on -l 1-1

Analytics:

  • Affects Raspberry Pi CM4/400 with kernel <5.15.92
  • CVSS:4.0 AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H
  • Failure rate: 100% during s2idle cycles

    Detection:

    grep -q "bcm2835-power" /proc/modules && echo "VULNERABLE"
    

Permanent Fix:

Rebuild kernel with patched DTS:

make ARCH=arm CROSS_COMPILE=arm-linux-gnueabihf- bcm2711_defconfig

References:

Reported By: https://nvd.nist.gov/vuln/detail/CVE-2025-22011
Extra Source Hub:
Undercode

Join Our Cyber World:

💬 Whatsapp | 💬 TelegramFeatured Image

Scroll to Top