CVE-2025-21831Linux vulnerability

30 documents7 sources
Severity
5.5MEDIUMNVD
OSV8.8
EPSS
0.0%
top 95.52%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
6
LinuxLinux KernelDebian Linux+3 more
Timeline
PublishedMar 6
Latest updateMay 28

Description

In the Linux kernel, the following vulnerability has been resolved: PCI: Avoid putting some root ports into D3 on TUXEDO Sirius Gen1 commit 9d26d3a8f1b0 ("PCI: Put PCIe ports into D3 during suspend") sets the policy that all PCIe ports are allowed to use D3. When the system is suspended if the port is not power manageable by the platform and won't be used for wakeup via a PME this sets up the policy for these ports to go into D3hot. This policy generally makes sense from an OSPM perspective b

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:HExploitability: 1.8 | Impact: 3.6

Affected Packages8 packages

NVDlinux/linux_kernel4.86.6.78+2
Debianlinux/linux_kernel< 6.12.15-1+1
Ubuntulinux/linux_kernel< 6.8.0-58.60
CVEListV5linux/linux9d26d3a8f1b0c442339a235f9508bdad8af910438852e056e297df1d8635ee7504e780d3184e45d0+4
debiandebian/linux< linux 6.12.15-1 (forky)

Patches

Patch: git.kernel.orgPatch: git.kernel.orgPatch: git.kernel.org

🔴Vulnerability Details

14
OSV
linux-lowlatency, linux-lowlatency-hwe-6.11, linux-oracle vulnerabilities2025-05-28
OSV
linux-raspi vulnerabilities2025-05-26
OSV
linux-aws vulnerabilities2025-05-22
OSV
linux, linux-azure, linux-azure-6.11, linux-gcp, linux-gcp-6.11, linux-hwe-6.11, linux-oem-6.11, linux-raspi, linux-realtime vulnerabilities2025-05-20
OSV
linux-raspi-realtime vulnerabilities2025-05-20

📋Vendor Advisories

15
Ubuntu
Linux kernel vulnerabilities2025-05-28
Ubuntu
Linux kernel (Raspberry Pi) vulnerabilities2025-05-26
Ubuntu
Linux kernel (AWS) vulnerabilities2025-05-22
Ubuntu
Linux kernel vulnerabilities2025-05-20
Ubuntu
Linux kernel (Raspberry Pi Real-time) vulnerabilities2025-05-20