{ "threat_severity" : "Moderate", "public_date" : "2025-11-12T00:00:00Z", "bugzilla" : { "description" : "kernel: remoteproc: qcom: pas: Shutdown lite ADSP DTB on X1E", "id" : "2414503", "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=2414503" }, "cvss3" : { "cvss3_base_score" : "2.5", "cvss3_scoring_vector" : "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L", "status" : "draft" }, "cwe" : "CWE-772", "details" : [ "In the Linux kernel, the following vulnerability has been resolved:\nremoteproc: qcom: pas: Shutdown lite ADSP DTB on X1E\nThe ADSP firmware on X1E has separate firmware binaries for the main\nfirmware and the DTB. The same applies for the \"lite\" firmware loaded by\nthe boot firmware.\nWhen preparing to load the new ADSP firmware we shutdown the lite_pas_id\nfor the main firmware, but we don't shutdown the corresponding lite pas_id\nfor the DTB. The fact that we're leaving it \"running\" forever becomes\nobvious if you try to reuse (or just access) the memory region used by the\n\"lite\" firmware: The &adsp_boot_mem is accessible, but accessing the\n&adsp_boot_dtb_mem results in a crash.\nWe don't support reusing the memory regions currently, but nevertheless we\nshould not keep part of the lite firmware running. Fix this by adding the\nlite_dtb_pas_id and shutting it down as well.\nWe don't have a way to detect if the lite firmware is actually running yet,\nso ignore the return status of qcom_scm_pas_shutdown() for now. This was\nalready the case before, the assignment to \"ret\" is not used anywhere.", "A flaw was found in the Linux kernel’s remoteproc subsystem for Qualcomm processors (“qcom: pas”). On X1E platforms, the ADSP (Audio DSP) firmware has separate binaries for the main firmware and a DTB (“device tree blob”), including a “lite” version for each. While shutting down the “lite” ADSP for the main firmware, the corresponding “lite DTB” ADSP instance was not being shut down, leading to a scenario where part of the firmware remains active indefinitely." ], "package_state" : [ { "product_name" : "Red Hat Enterprise Linux 10", "fix_state" : "Affected", "package_name" : "kernel", "cpe" : "cpe:/o:redhat:enterprise_linux:10" }, { "product_name" : "Red Hat Enterprise Linux 6", "fix_state" : "Not affected", "package_name" : "kernel", "cpe" : "cpe:/o:redhat:enterprise_linux:6" }, { "product_name" : "Red Hat Enterprise Linux 7", "fix_state" : "Not affected", "package_name" : "kernel", "cpe" : "cpe:/o:redhat:enterprise_linux:7" }, { "product_name" : "Red Hat Enterprise Linux 7", "fix_state" : "Not affected", "package_name" : "kernel-rt", "cpe" : "cpe:/o:redhat:enterprise_linux:7" }, { "product_name" : "Red Hat Enterprise Linux 8", "fix_state" : "Not affected", "package_name" : "kernel", "cpe" : "cpe:/o:redhat:enterprise_linux:8" }, { "product_name" : "Red Hat Enterprise Linux 8", "fix_state" : "Not affected", "package_name" : "kernel-rt", "cpe" : "cpe:/o:redhat:enterprise_linux:8" }, { "product_name" : "Red Hat Enterprise Linux 9", "fix_state" : "Not affected", "package_name" : "kernel", "cpe" : "cpe:/o:redhat:enterprise_linux:9" }, { "product_name" : "Red Hat Enterprise Linux 9", "fix_state" : "Not affected", "package_name" : "kernel-rt", "cpe" : "cpe:/o:redhat:enterprise_linux:9" } ], "references" : [ "https://www.cve.org/CVERecord?id=CVE-2025-40113\nhttps://nvd.nist.gov/vuln/detail/CVE-2025-40113\nhttps://lore.kernel.org/linux-cve-announce/2025111251-CVE-2025-40113-ad3d@gregkh/T" ], "name" : "CVE-2025-40113", "mitigation" : { "value" : "Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", "lang" : "en:us" }, "csaw" : false }