CVE-2025-39722

Severity CVSS v4.0: Pending analysis
Type: Unavailable / Other
Publication date: 05/09/2025
Last modified: 25/11/2025

Description

In the Linux kernel, the following vulnerability has been resolved:

crypto: caam - Prevent crash on suspend with iMX8QM / iMX8ULP

Since the CAAM on these SoCs is managed by another ARM core, called the SECO (Security Controller) on iMX8QM and Secure Enclave on iMX8ULP, which also reserves access to register page 0, suspend operations cannot touch this page.

This is similar to when running OPTEE, where OPTEE will reserve page 0.

Track this situation using a new state variable no_page0, reflecting if page 0 is reserved elsewhere, either by other management cores in SoC or by OPTEE.

Replace the optee_en check in suspend/resume with the new check.

optee_en cannot go away as it's needed elsewhere to gate OPTEE specific situations.

Fixes the following splat at suspend:

    Internal error: synchronous external abort: 0000000096000010 [#1] SMP
    Hardware name: Freescale i.MX8QXP ACU6C (DT)
    pstate: 60400005 (nZCv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)
    pc : readl+0x0/0x18
    lr : rd_reg32+0x18/0x3c
    sp : ffffffc08192ba20
    x29: ffffffc08192ba20 x28: ffffff8025190000 x27: 0000000000000000
    x26: ffffffc0808ae808 x25: ffffffc080922338 x24: ffffff8020e89090
    x23: 0000000000000000 x22: ffffffc080922000 x21: ffffff8020e89010
    x20: ffffffc080387ef8 x19: ffffff8020e89010 x18: 000000005d8000d5
    x17: 0000000030f35963 x16: 000000008f785f3f x15: 000000003b8ef57c
    x14: 00000000c418aef8 x13: 00000000f5fea526 x12: 0000000000000001
    x11: 0000000000000002 x10: 0000000000000001 x9 : 0000000000000000
    x8 : ffffff8025190870 x7 : ffffff8021726880 x6 : 0000000000000002
    x5 : ffffff80217268f0 x4 : ffffff8021726880 x3 : ffffffc081200000
    x2 : 0000000000000001 x1 : ffffff8020e89010 x0 : ffffffc081200004
    Call trace:
    readl+0x0/0x18
    caam_ctrl_suspend+0x30/0xdc
    dpm_run_callback.constprop.0+0x24/0x5c
    device_suspend+0x170/0x2e8
    dpm_suspend+0xa0/0x104
    dpm_suspend_start+0x48/0x50
    suspend_devices_and_enter+0x7c/0x45c
    pm_suspend+0x148/0x160
    state_store+0xb4/0xf8
    kobj_attr_store+0x14/0x24
    sysfs_kf_write+0x38/0x48
    kernfs_fop_write_iter+0xb4/0x178
    vfs_write+0x118/0x178
    ksys_write+0x6c/0xd0
    __arm64_sys_write+0x14/0x1c
    invoke_syscall.constprop.0+0x64/0xb0
    do_el0_svc+0x90/0xb0
    el0_svc+0x18/0x44
    el0t_64_sync_handler+0x88/0x124
    el0t_64_sync+0x150/0x154
    Code: 88dffc21 88dffc21 5ac00800 d65f03c0 (b9400000)

Vulnerable products and versions

CPE                                            From               Up to
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*   6.10 (including)   6.12.44 (excluding)
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*   6.13 (including)   6.16.4 (excluding)
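
The version ranges listed above can be turned into a fleet check. The following is an added example, not part of the advisory or of the kernel project: it parses `uname -r` style release strings and reports the first fixed release for kernels inside an affected range. The function names and the sample release strings are constructed for illustration. It assumes upstream version numbering, so a vendor kernel that backported the fix under an older version number will still be flagged and needs a changelog check.

```python
import re

# Affected ranges copied from the advisory table:
# (first affected version, first fixed version), end exclusive.
AFFECTED_RANGES = [
    ((6, 10, 0), (6, 12, 44)),
    ((6, 13, 0), (6, 16, 4)),
]

# Leading "major.minor[.patch]" of a release string; any suffix
# such as "-rt12" or "+gabcdef" is ignored.
_RELEASE_RE = re.compile(r"^(\d+)\.(\d+)(?:\.(\d+))?")


def parse_release(release):
    """Turn a `uname -r` style string into a (major, minor, patch) tuple."""
    match = _RELEASE_RE.match(release.strip())
    if not match:
        raise ValueError(f"unrecognised kernel release: {release!r}")
    major, minor, patch = match.groups()
    return int(major), int(minor), int(patch or 0)


def fixed_in(release):
    """Return the first fixed version if `release` is affected, else None."""
    version = parse_release(release)
    for first_affected, first_fixed in AFFECTED_RANGES:
        if first_affected <= version < first_fixed:
            return ".".join(str(part) for part in first_fixed)
    return None


if __name__ == "__main__":
    # Constructed sample release strings, not taken from real hosts.
    samples = ["6.9.12", "6.12.43", "6.12.44", "6.13", "6.16.3+g1a2b3c", "6.16.4-arch1-1"]
    for release in samples:
        fix = fixed_in(release)
        status = f"affected, fixed in {fix}" if fix else "not in an affected range"
        print(f"{release:18} {status}")
```

A match only matters on hardware where the crash applies: per the description, i.MX8QM / i.MX8ULP systems running the CAAM driver and entering suspend.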