PT-2025-15399 · Linux+4 · Linux Kernel+4

Published

2025-04-08

·

Updated

2026-04-20

·

CVE-2025-22011

CVSS v3.1

5.5

Medium

VectorAV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified)
Description: The issue is related to the mixed usage of raspberrypi-power and bcm2835-power at the same time, causing the VPU firmware to crash on xHCI power-domain resume during s2idle tests on the Raspberry CM4. This is observed when attempting to set power to 1, resulting in a failure with error code -110. The problem seems to be caused by the usage of the VPU firmware power-domain driver.
Recommendations: To resolve the issue, avoid using the VPU firmware power-domain driver, which prevents the VPU crash. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Improper Resource Release

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-404

Related Identifiers

ALT-PU-2025-5786
BDU:2025-11781
CVE-2025-22011
USN-7605-1
USN-7605-2
USN-7606-1
USN-7628-1
USN-7764-1
USN-7764-2
USN-7765-1
USN-7766-1
USN-7767-1
USN-7767-2
USN-7779-1
USN-7801-1
USN-7801-2
USN-7801-3
USN-7802-1
USN-7809-1

Affected Products

Alt Linux
Astra Linux
Linuxmint
Linux Kernel
Ubuntu