CVE-2025-22012 (GCVE-0-2025-22012)

Vulnerability from cvelistv5 – Published: 2025-04-08 08:18 – Updated: 2025-10-01 17:06
VLAI?
Title
Revert "arm64: dts: qcom: sdm845: Affirm IDR0.CCTW on apps_smmu"
Summary
In the Linux kernel, the following vulnerability has been resolved: Revert "arm64: dts: qcom: sdm845: Affirm IDR0.CCTW on apps_smmu" There are reports that the pagetable walker cache coherency is not a given across the spectrum of SDM845/850 devices, leading to lock-ups and resets. It works fine on some devices (like the Dragonboard 845c, but not so much on the Lenovo Yoga C630). This unfortunately looks like a fluke in firmware development, where likely somewhere in the vast hypervisor stack, a change to accommodate for this was only introduced after the initial software release (which often serves as a baseline for products). Revert the change to avoid additional guesswork around crashes. This reverts commit 6b31a9744b8726c69bb0af290f8475a368a4b805.
Severity ?
5.5 (Medium)
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CWE
Assigner
References
Impacted products
Vendor Product Version
Linux Linux Affected: 6b31a9744b8726c69bb0af290f8475a368a4b805 , < 9e6e9fc90258a318d30b417bcccda908bb82ee9d (git)
Affected: 6b31a9744b8726c69bb0af290f8475a368a4b805 , < f00db31d235946853fb430de8c6aa1295efc8353 (git)
Create a notification for this product.
    Linux Linux Affected: 6.13
Unaffected: 0 , < 6.13 (semver)
Unaffected: 6.13.9 , ≤ 6.13.* (semver)
Unaffected: 6.14 , ≤ * (original_commit_for_fix)
Create a notification for this product.
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "LOCAL",
              "availabilityImpact": "HIGH",
              "baseScore": 5.5,
              "baseSeverity": "MEDIUM",
              "confidentialityImpact": "NONE",
              "integrityImpact": "NONE",
              "privilegesRequired": "LOW",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2025-22012",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-10-01T17:06:54.467971Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-667",
                "description": "CWE-667 Improper Locking",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-10-01T17:06:57.968Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "arch/arm64/boot/dts/qcom/sdm845.dtsi"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "9e6e9fc90258a318d30b417bcccda908bb82ee9d",
              "status": "affected",
              "version": "6b31a9744b8726c69bb0af290f8475a368a4b805",
              "versionType": "git"
            },
            {
              "lessThan": "f00db31d235946853fb430de8c6aa1295efc8353",
              "status": "affected",
              "version": "6b31a9744b8726c69bb0af290f8475a368a4b805",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "arch/arm64/boot/dts/qcom/sdm845.dtsi"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "6.13"
            },
            {
              "lessThan": "6.13",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.13.*",
              "status": "unaffected",
              "version": "6.13.9",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.14",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.13.9",
                  "versionStartIncluding": "6.13",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.14",
                  "versionStartIncluding": "6.13",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nRevert \"arm64: dts: qcom: sdm845: Affirm IDR0.CCTW on apps_smmu\"\n\nThere are reports that the pagetable walker cache coherency is not a\ngiven across the spectrum of SDM845/850 devices, leading to lock-ups\nand resets. It works fine on some devices (like the Dragonboard 845c,\nbut not so much on the Lenovo Yoga C630).\n\nThis unfortunately looks like a fluke in firmware development, where\nlikely somewhere in the vast hypervisor stack, a change to accommodate\nfor this was only introduced after the initial software release (which\noften serves as a baseline for products).\n\nRevert the change to avoid additional guesswork around crashes.\n\nThis reverts commit 6b31a9744b8726c69bb0af290f8475a368a4b805."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-05-04T07:27:35.740Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/9e6e9fc90258a318d30b417bcccda908bb82ee9d"
        },
        {
          "url": "https://git.kernel.org/stable/c/f00db31d235946853fb430de8c6aa1295efc8353"
        }
      ],
      "title": "Revert \"arm64: dts: qcom: sdm845: Affirm IDR0.CCTW on apps_smmu\"",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2025-22012",
    "datePublished": "2025-04-08T08:18:03.312Z",
    "dateReserved": "2024-12-29T08:45:45.805Z",
    "dateUpdated": "2025-10-01T17:06:57.968Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2025-22012\",\"sourceIdentifier\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"published\":\"2025-04-08T09:15:25.420\",\"lastModified\":\"2025-10-01T17:15:42.227\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"In the Linux kernel, the following vulnerability has been resolved:\\n\\nRevert \\\"arm64: dts: qcom: sdm845: Affirm IDR0.CCTW on apps_smmu\\\"\\n\\nThere are reports that the pagetable walker cache coherency is not a\\ngiven across the spectrum of SDM845/850 devices, leading to lock-ups\\nand resets. It works fine on some devices (like the Dragonboard 845c,\\nbut not so much on the Lenovo Yoga C630).\\n\\nThis unfortunately looks like a fluke in firmware development, where\\nlikely somewhere in the vast hypervisor stack, a change to accommodate\\nfor this was only introduced after the initial software release (which\\noften serves as a baseline for products).\\n\\nRevert the change to avoid additional guesswork around crashes.\\n\\nThis reverts commit 6b31a9744b8726c69bb0af290f8475a368a4b805.\"},{\"lang\":\"es\",\"value\":\"En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: Revertir \\\"arm64: dts: qcom: sdm845: Affirm IDR0.CCTW en apps_smmu\\\". Hay informes de que la coherencia de la cach\u00e9 del pagetable walker no es constante en todos los dispositivos SDM845/850, lo que provoca bloqueos y reinicios. Funciona correctamente en algunos dispositivos (como el Dragonboard 845c, pero no tanto en el Lenovo Yoga C630). Lamentablemente, esto parece ser un fallo en el desarrollo del firmware, ya que, probablemente en alg\u00fan lugar de la vasta pila de hipervisores, se introdujo un cambio para adaptarlo despu\u00e9s del lanzamiento inicial del software (que suele servir como base para los productos). Revertir el cambio para evitar conjeturas adicionales sobre fallos. Esto revierte el commit 6b31a9744b8726c69bb0af290f8475a368a4b805.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H\",\"baseScore\":5.5,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":1.8,\"impactScore\":3.6},{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H\",\"baseScore\":5.5,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":1.8,\"impactScore\":3.6}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-667\"}]},{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-667\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"6.13\",\"versionEndExcluding\":\"6.13.9\",\"matchCriteriaId\":\"FAECBE4D-58CF-4836-BBAB-5E28B800A778\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:6.14:rc1:*:*:*:*:*:*\",\"matchCriteriaId\":\"186716B6-2B66-4BD0-852E-D48E71C0C85F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:6.14:rc2:*:*:*:*:*:*\",\"matchCriteriaId\":\"0D3E781C-403A-498F-9DA9-ECEE50F41E75\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:6.14:rc3:*:*:*:*:*:*\",\"matchCriteriaId\":\"66619FB8-0AAF-4166-B2CF-67B24143261D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:6.14:rc4:*:*:*:*:*:*\",\"matchCriteriaId\":\"D3D6550E-6679-4560-902D-AF52DCFE905B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:6.14:rc5:*:*:*:*:*:*\",\"matchCriteriaId\":\"45B90F6B-BEC7-4D4E-883A-9DBADE021750\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:6.14:rc6:*:*:*:*:*:*\",\"matchCriteriaId\":\"1759FFB7-531C-41B1-9AE1-FD3D80E0D920\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:6.14:rc7:*:*:*:*:*:*\",\"matchCriteriaId\":\"AD948719-8628-4421-A340-1066314BBD4A\"}]}]}],\"references\":[{\"url\":\"https://git.kernel.org/stable/c/9e6e9fc90258a318d30b417bcccda908bb82ee9d\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/f00db31d235946853fb430de8c6aa1295efc8353\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]}]}}",
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 5.5, \"attackVector\": \"LOCAL\", \"baseSeverity\": \"MEDIUM\", \"vectorString\": \"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H\", \"integrityImpact\": \"NONE\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"HIGH\", \"privilegesRequired\": \"LOW\", \"confidentialityImpact\": \"NONE\"}}, {\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2025-22012\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2025-10-01T17:06:54.467971Z\"}}}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-667\", \"description\": \"CWE-667 Improper Locking\"}]}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-10-01T14:39:54.732Z\"}}], \"cna\": {\"title\": \"Revert \\\"arm64: dts: qcom: sdm845: Affirm IDR0.CCTW on apps_smmu\\\"\", \"affected\": [{\"repo\": \"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git\", \"vendor\": \"Linux\", \"product\": \"Linux\", \"versions\": [{\"status\": \"affected\", \"version\": \"6b31a9744b8726c69bb0af290f8475a368a4b805\", \"lessThan\": \"9e6e9fc90258a318d30b417bcccda908bb82ee9d\", \"versionType\": \"git\"}, {\"status\": \"affected\", \"version\": \"6b31a9744b8726c69bb0af290f8475a368a4b805\", \"lessThan\": \"f00db31d235946853fb430de8c6aa1295efc8353\", \"versionType\": \"git\"}], \"programFiles\": [\"arch/arm64/boot/dts/qcom/sdm845.dtsi\"], \"defaultStatus\": \"unaffected\"}, {\"repo\": \"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git\", \"vendor\": \"Linux\", \"product\": \"Linux\", \"versions\": [{\"status\": \"affected\", \"version\": \"6.13\"}, {\"status\": \"unaffected\", \"version\": \"0\", \"lessThan\": \"6.13\", \"versionType\": \"semver\"}, {\"status\": \"unaffected\", \"version\": \"6.13.9\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"6.13.*\"}, {\"status\": \"unaffected\", \"version\": \"6.14\", \"versionType\": \"original_commit_for_fix\", \"lessThanOrEqual\": \"*\"}], \"programFiles\": [\"arch/arm64/boot/dts/qcom/sdm845.dtsi\"], \"defaultStatus\": \"affected\"}], \"references\": [{\"url\": \"https://git.kernel.org/stable/c/9e6e9fc90258a318d30b417bcccda908bb82ee9d\"}, {\"url\": \"https://git.kernel.org/stable/c/f00db31d235946853fb430de8c6aa1295efc8353\"}], \"x_generator\": {\"engine\": \"bippy-1.2.0\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"In the Linux kernel, the following vulnerability has been resolved:\\n\\nRevert \\\"arm64: dts: qcom: sdm845: Affirm IDR0.CCTW on apps_smmu\\\"\\n\\nThere are reports that the pagetable walker cache coherency is not a\\ngiven across the spectrum of SDM845/850 devices, leading to lock-ups\\nand resets. It works fine on some devices (like the Dragonboard 845c,\\nbut not so much on the Lenovo Yoga C630).\\n\\nThis unfortunately looks like a fluke in firmware development, where\\nlikely somewhere in the vast hypervisor stack, a change to accommodate\\nfor this was only introduced after the initial software release (which\\noften serves as a baseline for products).\\n\\nRevert the change to avoid additional guesswork around crashes.\\n\\nThis reverts commit 6b31a9744b8726c69bb0af290f8475a368a4b805.\"}], \"cpeApplicability\": [{\"nodes\": [{\"negate\": false, \"cpeMatch\": [{\"criteria\": \"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\", \"vulnerable\": true, \"versionEndExcluding\": \"6.13.9\", \"versionStartIncluding\": \"6.13\"}, {\"criteria\": \"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\", \"vulnerable\": true, \"versionEndExcluding\": \"6.14\", \"versionStartIncluding\": \"6.13\"}], \"operator\": \"OR\"}]}], \"providerMetadata\": {\"orgId\": \"416baaa9-dc9f-4396-8d5f-8c081fb06d67\", \"shortName\": \"Linux\", \"dateUpdated\": \"2025-05-04T07:27:35.740Z\"}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2025-22012\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-10-01T17:06:57.968Z\", \"dateReserved\": \"2024-12-29T08:45:45.805Z\", \"assignerOrgId\": \"416baaa9-dc9f-4396-8d5f-8c081fb06d67\", \"datePublished\": \"2025-04-08T08:18:03.312Z\", \"assignerShortName\": \"Linux\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.