CVE-2025-37842

Source
https://nvd.nist.gov/vuln/detail/CVE-2025-37842
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-37842.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2025-37842
Downstream
Related
Published
2025-05-09T07:16:04Z
Modified
2025-09-09T17:15:43Z
Summary
[none]
Details

In the Linux kernel, the following vulnerability has been resolved:

spi: fsl-qspi: use devm function instead of driver remove

Driver use devm APIs to manage clk/irq/resources and register the spi controller, but the legacy remove function will be called first during device detach and trigger kernel panic. Drop the remove function and use devmaddactionorreset() for driver cleanup to ensure the release sequence.

Trigger kernel panic on i.MX8MQ by echo 30bb0000.spi >/sys/bus/platform/drivers/fsl-quadspi/unbind

References

Affected packages