CVE-2025-40113
- Source
- https://nvd.nist.gov/vuln/detail/CVE-2025-40113
- Import Source
- https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-40113.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/CVE-2025-40113
- Downstream
- Published
- 2025-11-12T10:23:16.992Z
- Modified
- 2025-11-17T04:07:28.864855Z
- Summary
- remoteproc: qcom: pas: Shutdown lite ADSP DTB on X1E
- Details
-
In the Linux kernel, the following vulnerability has been resolved:
remoteproc: qcom: pas: Shutdown lite ADSP DTB on X1E
The ADSP firmware on X1E has separate firmware binaries for the main firmware and the DTB. The same applies for the "lite" firmware loaded by the boot firmware.
When preparing to load the new ADSP firmware we shutdown the litepasid for the main firmware, but we don't shutdown the corresponding lite pasid for the DTB. The fact that we're leaving it "running" forever becomes obvious if you try to reuse (or just access) the memory region used by the "lite" firmware: The &adspbootmem is accessible, but accessing the &adspbootdtbmem results in a crash.
We don't support reusing the memory regions currently, but nevertheless we should not keep part of the lite firmware running. Fix this by adding the litedtbpas_id and shutting it down as well.
We don't have a way to detect if the lite firmware is actually running yet, so ignore the return status of qcomscmpas_shutdown() for now. This was already the case before, the assignment to "ret" is not used anywhere.
- References
Affected packages
Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Affected ranges
- Type
- GIT
- Repo
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- Events
-
Introduced62210f7509e13a2caa7b080722a45229b8f17a0aFixedee150acd273aded01a726ce39b1f6128200799e6
- Type
- GIT
- Repo
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- Events
-
Introduced62210f7509e13a2caa7b080722a45229b8f17a0aFixed142964960c7c35de5c5f7bdd61c32699de693630