Linux Kernel Raspberry Pi CM4 xHCI Power-Domain VPU Crash Vulnerability

A vulnerability in the Linux kernel's device tree for the Raspberry Pi Compute Module 4 (CM4) has been addressed. During s2idle tests, the VPU firmware consistently crashes when resuming from the xHCI power domain. This issue arises from the simultaneous use of the raspberrypi-power and bcm2835-power drivers, leading to a VPU crash. The vulnerability causes a failure to properly manage USB power, with the system unable to restore power to USB devices after suspending them.

Impact

The vulnerability causes the VPU firmware to crash, disrupting normal operations and potentially leading to broader system instability.

Reproduction

The vulnerability can be reproduced by suspending the system and then resuming, which triggers the VPU crash due to the conflicting power domain management.

Remediation

The vulnerability has been resolved by avoiding the use of the VPU firmware power-domain driver, allowing for proper management of the xHCI power domain without causing a crash.