CVE-2025-40113

Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)

Description A flaw exists in the Linux kernel’s remoteproc subsystem, specifically within the Qualcomm (qcom) pas component related to the shutdown of the lite ADSP DTB on X1E. The issue arises because when preparing to load new ADSP firmware, the lite pas ID for the main firmware is shut down, but the corresponding lite pas ID for the DTB is not. This leaves a portion of the lite firmware running indefinitely, potentially leading to a crash when attempting to access the memory region used by the DTB. The vulnerability does not currently support memory region reuse, but the improper shutdown could cause issues if such functionality were implemented. The vulnerable component involves shutting down the lite dtb pas id.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.