CVE-2025-40113
Awaiting Analysis - Queue
BaseFortify

Publication date: 2025-11-12

Last updated on: 2025-11-12

Assigner: kernel.org

Description
In the Linux kernel, the following vulnerability has been resolved:

remoteproc: qcom: pas: Shutdown lite ADSP DTB on X1E

The ADSP firmware on X1E has separate firmware binaries for the main firmware and the DTB. The same applies for the "lite" firmware loaded by the boot firmware.

When preparing to load the new ADSP firmware we shutdown the lite_pas_id for the main firmware, but we don't shutdown the corresponding lite pas_id for the DTB. The fact that we're leaving it "running" forever becomes obvious if you try to reuse (or just access) the memory region used by the "lite" firmware: The &adsp_boot_mem is accessible, but accessing the &adsp_boot_dtb_mem results in a crash.

We don't support reusing the memory regions currently, but nevertheless we should not keep part of the lite firmware running. Fix this by adding the lite_dtb_pas_id and shutting it down as well.

We don't have a way to detect if the lite firmware is actually running yet, so ignore the return status of qcom_scm_pas_shutdown() for now. This was already the case before, the assignment to "ret" is not used anywhere.
Meta Information
Published: 2025-11-12
Last Modified: 2025-11-12
Generated: 2026-05-07
AI Q&A: 2025-11-13
EPSS Evaluated: 2026-05-05
Affected Vendors & Products
Currently, no data is known.
CWE ID: CWE-UNKNOWN
AI Powered Q&A
Can you explain this vulnerability to me?

This vulnerability involves the Linux kernel's handling of the ADSP firmware on the X1E platform. On X1E, both the main ADSP firmware and the "lite" firmware loaded by the boot firmware ship as two separate binaries: the main firmware and a DTB. When preparing to load new ADSP firmware, the kernel shuts down the lite_pas_id for the main firmware but does not shut down the corresponding lite pas_id for the DTB. As a result, part of the "lite" firmware is left "running" indefinitely. This becomes visible when trying to access or reuse the memory regions used by the "lite" firmware: &adsp_boot_mem is accessible, but accessing &adsp_boot_dtb_mem results in a crash.


How can this vulnerability impact me?

The vulnerability can cause system instability or crashes when accessing or reusing the memory region associated with the 'lite' ADSP firmware's DTB. Since the DTB firmware remains running unintentionally, attempts to access its memory region can result in crashes, potentially affecting system reliability and performance on affected devices.


What immediate steps should I take to mitigate this vulnerability?

The vulnerability is resolved by adding a lite_dtb_pas_id and shutting it down in addition to the lite_pas_id when loading new ADSP firmware on X1E. Immediate mitigation involves applying the updated Linux kernel patch that includes this fix, so that the lite firmware DTB is properly shut down and does not remain running.

