CVE-2025-37842

spi: fsl-qspi: use devm function instead of driver remove

Description

In the Linux kernel, the following vulnerability has been resolved: spi: fsl-qspi: use devm function instead of driver remove Driver use devm APIs to manage clk/irq/resources and register the spi controller, but the legacy remove function will be called first during device detach and trigger kernel panic. Drop the remove function and use devm_add_action_or_reset() for driver cleanup to ensure the release sequence. Trigger kernel panic on i.MX8MQ by echo 30bb0000.spi >/sys/bus/platform/drivers/fsl-quadspi/unbind

N/A
CVSS
Severity:
EPSS 0.02%
Affected: Linux Linux
Affected: Linux Linux
Published at:
Updated at:

References

Link Tags
https://git.kernel.org/stable/c/f68b27d82a749117d9c7d7f33fa53f46373e38e2
https://git.kernel.org/stable/c/439688dbe82baa10d4430dc3252bb5ef1183a171
https://git.kernel.org/stable/c/f9bfb3a5f6f616f3eb7665c8ff3bcb9760ae33c8
https://git.kernel.org/stable/c/40369bfe717e96e26650eeecfa5a6363563df6e4

Frequently Asked Questions

What is the severity of CVE-2025-37842?
CVE-2025-37842 has not yet been assigned a CVSS score.
How to fix CVE-2025-37842?
To fix CVE-2025-37842, make sure you are using an up-to-date version of the affected component(s) by checking the vendor release notes. As for now, there are no other specific guidelines available.
Is CVE-2025-37842 being actively exploited in the wild?
As for now, there are no information to confirm that CVE-2025-37842 is being actively exploited. According to its EPSS score, there is a ~0% probability that this vulnerability will be exploited by malicious actors in the next 30 days.
What software or system is affected by CVE-2025-37842?
CVE-2025-37842 affects Linux Linux, Linux Linux.
This platform uses data from the NIST NVD, MITRE CVE, MITRE CWE, First.org and CISA KEV but is not endorsed or certified by these entities. CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site.
© 2025 Under My Watch. All Rights Reserved.