CVE-2025-39722

CVSS v3.1

5.5

Medium

Vector

AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)

Description A flaw exists in the Linux kernel's crypto/caam module that can lead to a system crash during suspend operations on iMX8QM and iMX8ULP SoCs. This occurs because the CAAM on these systems is managed by another ARM core (SECO on iMX8QM and Secure Enclave on iMX8ULP) which reserves access to register page 0. The vulnerability is triggered when suspend operations attempt to access this reserved page. A new state variable, no page0, has been introduced to track whether page 0 is reserved, preventing access during suspend.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-371

Related Identifiers

BDU:2025-15710

CVE-2025-39722

DSA-6008-1

OPENSUSE-SU-2025:20081-1

SUSE-SU-2025:21074-1

SUSE-SU-2025:21139-1

SUSE-SU-2025:21179-1

Affected Products

Astra Linux

Linux Kernel

Red Os

Suse

Imx8Qm

Imx8Ulp

CVE-2025-39722

Weakness Enumeration

Related Identifiers

Affected Products

References · 1272