CVE-2025-22095 – A kernel panic vulnerability exists in the Linu... (How to Fix)

Q: What is the severity of CVE-2025-22095?

CVE-2025-22095 has a CVSS score of 5.5 (MEDIUM). A kernel panic vulnerability exists in the Linux kernel's Broadcom STB PCIe driver when regulator_bulk_get() fails during PCIe link initialization. This affects Linux systems using the brcmstb PCIe driver, potentially causing system crashes and denial of service.

📋 TL;DR

A kernel panic vulnerability exists in the Linux kernel's Broadcom STB PCIe driver when regulator_bulk_get() fails during PCIe link initialization. This affects Linux systems using the brcmstb PCIe driver, potentially causing system crashes and denial of service.

💻 Affected Systems

Products:

Linux kernel with brcmstb PCIe driver

Versions: Linux kernel versions containing the vulnerable brcmstb PCIe driver code prior to fixes in stable branches

Operating Systems: Linux distributions using affected kernel versions

Default Config Vulnerable: ⚠️ Yes

Notes: Only affects systems with Broadcom STB (Set-Top Box) PCIe hardware and using the brcmstb driver. Most standard servers/workstations are not affected.

📦 What is this software?

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

⚠️ Risk & Real-World Impact

🔴

Worst Case

System kernel panic leading to complete system crash and denial of service, requiring physical or remote reboot.

🟠

Likely Case

System instability or crash when PCIe device initialization fails, affecting system availability.

🟢

If Mitigated

Minimal impact if systems are properly patched and have redundancy/failover mechanisms.

🌐 Internet-Facing: LOW - Requires local access or specific PCIe hardware conditions to trigger.

🏢 Internal Only: MEDIUM - Could affect internal servers or devices using Broadcom STB hardware with vulnerable kernel versions.

🎯 Exploit Status

Public PoC: ✅ No

Weaponized: UNKNOWN

Unauthenticated Exploit: ✅ No

Complexity: HIGH

Exploitation requires specific hardware conditions (Broadcom STB PCIe device) and triggering regulator_bulk_get() failure during PCIe initialization.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Linux kernel stable releases containing commits: 3651ad5249c51cf7eee078e12612557040a6bdb4, 6f44e1fdb006db61394aa4d4c25728ada00842e7, 7842e842a9bf6bd5866c84f588353711d131ab1a, 99a0efba9f903acbdece548862b6b4cbe7d999e1, df63321a40cc98e52313cffbff376b8ae9ceffa7

Vendor Advisory: https://git.kernel.org/stable/c/

Restart Required: Yes

Instructions:

1. Update Linux kernel to version containing the fix commits. 2. For distributions: Use package manager (apt/yum/dnf) to update kernel package. 3. Reboot system to load new kernel.

🔧 Temporary Workarounds

Disable brcmstb PCIe driver

linux

Prevent loading of vulnerable driver module

echo 'blacklist pcie-brcmstb' >> /etc/modprobe.d/blacklist.conf
update-initramfs -u
reboot

🧯 If You Can't Patch

Avoid using Broadcom STB PCIe hardware on affected systems
Implement system monitoring for kernel panics and have rapid recovery procedures

🔍 How to Verify

Check if Vulnerable:

Check if brcmstb PCIe driver is loaded: lsmod | grep brcmstb AND check kernel version against patched versions

Check Version:

uname -r

Verify Fix Applied:

Verify kernel version includes fix commits and brcmstb driver loads without issues during PCIe initialization

📡 Detection & Monitoring

Log Indicators:

Kernel panic messages in /var/log/kern.log or dmesg
PCIe initialization failure logs
Regulator-related error messages

Network Indicators:

System becoming unresponsive to network requests

SIEM Query:

source="kernel" AND ("panic" OR "Oops" OR "regulator_bulk" OR "brcmstb")

📊 Metadata

CVE ID: CVE-2025-22095

CVSS v3 Score: 5.5 (MEDIUM)

CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

EPSS Score: 0.09% exploit probability (25.8th percentile)

Published: April 16, 2025

Last Updated: November 3, 2025

🔗 References

📤 Share & Export

📄 Export Markdown 📋 Export JSON