In the Linux kernel, the following vulnerability has been resolved:
spi: fsl-qspi: use devm function instead of driver remove
Driver use devm APIs to manage clk/irq/resources and register the spi controller, but the legacy remove function will be called first during device detach and trigger kernel panic. Drop the remove function and use devmaddactionorreset() for driver cleanup to ensure the release sequence.
Trigger kernel panic on i.MX8MQ by echo 30bb0000.spi >/sys/bus/platform/drivers/fsl-quadspi/unbind
[
{
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@439688dbe82baa10d4430dc3252bb5ef1183a171",
"signature_version": "v1",
"deprecated": false,
"target": {
"function": "fsl_qspi_remove",
"file": "drivers/spi/spi-fsl-qspi.c"
},
"id": "CVE-2025-37842-07120bfe",
"signature_type": "Function",
"digest": {
"length": 255.0,
"function_hash": "7093661328852135122887976765905943166"
}
},
{
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@f9bfb3a5f6f616f3eb7665c8ff3bcb9760ae33c8",
"signature_version": "v1",
"deprecated": false,
"target": {
"function": "fsl_qspi_remove",
"file": "drivers/spi/spi-fsl-qspi.c"
},
"id": "CVE-2025-37842-2c7274fc",
"signature_type": "Function",
"digest": {
"length": 255.0,
"function_hash": "7093661328852135122887976765905943166"
}
},
{
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@50ae352c1848cab408fb4f7d7f50c71f818bbdbf",
"signature_version": "v1",
"deprecated": false,
"target": {
"function": "fsl_qspi_probe",
"file": "drivers/spi/spi-fsl-qspi.c"
},
"id": "CVE-2025-37842-3794c28a",
"signature_type": "Function",
"digest": {
"length": 2020.0,
"function_hash": "281669512491358845789558750207606649343"
}
},
{
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@f68b27d82a749117d9c7d7f33fa53f46373e38e2",
"signature_version": "v1",
"deprecated": false,
"target": {
"file": "drivers/spi/spi-fsl-qspi.c"
},
"id": "CVE-2025-37842-56e85220",
"signature_type": "Line",
"digest": {
"threshold": 0.9,
"line_hashes": [
"297451348003645202517640023300854228615",
"109262387770170728703513560779640274423",
"259496995428350710926079944669482327514",
"70461117293059588362946413906093192427",
"314654297517965247961780263378432013558",
"80262361202174330652251441844097362268",
"35679988094319975070719620571128716863",
"269822694295377788623553263035271823789",
"50312831454688198309357658666771328883",
"90505954619957701724542286877342907808",
"134759080090703507798249228301184692976",
"3586300923851059114950037403603001368",
"281800139634141158574424677837404923531",
"226469734046307713905994454145905864215",
"296005820585824394399339385545426076772",
"331176135668830191264513524024657191158",
"238906665723773751612441780062430477845",
"164567849523635465989654780948065727511",
"327221930983893384382440753705057214676",
"274819137225199845018275133512922021972",
"334058141938267251845543891108493982551"
]
}
},
{
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@40369bfe717e96e26650eeecfa5a6363563df6e4",
"signature_version": "v1",
"deprecated": false,
"target": {
"function": "fsl_qspi_remove",
"file": "drivers/spi/spi-fsl-qspi.c"
},
"id": "CVE-2025-37842-6fe1376c",
"signature_type": "Function",
"digest": {
"length": 255.0,
"function_hash": "7093661328852135122887976765905943166"
}
},
{
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@40369bfe717e96e26650eeecfa5a6363563df6e4",
"signature_version": "v1",
"deprecated": false,
"target": {
"file": "drivers/spi/spi-fsl-qspi.c"
},
"id": "CVE-2025-37842-70d72834",
"signature_type": "Line",
"digest": {
"threshold": 0.9,
"line_hashes": [
"133227997026711388097916691411853569616",
"132004295171550000883758007905091416831",
"259496995428350710926079944669482327514",
"280451609972910017668491566030275192565",
"314654297517965247961780263378432013558",
"80262361202174330652251441844097362268",
"35679988094319975070719620571128716863",
"269822694295377788623553263035271823789",
"50312831454688198309357658666771328883",
"90505954619957701724542286877342907808",
"134759080090703507798249228301184692976",
"3586300923851059114950037403603001368",
"281800139634141158574424677837404923531",
"226469734046307713905994454145905864215",
"296005820585824394399339385545426076772",
"331176135668830191264513524024657191158",
"238906665723773751612441780062430477845",
"38389660410811613335070317029277071591",
"80131328661591198967060784338727656013",
"30330472820185543129124044457939631795",
"115331824544189546309674794315384981044"
]
}
},
{
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@40369bfe717e96e26650eeecfa5a6363563df6e4",
"signature_version": "v1",
"deprecated": false,
"target": {
"function": "fsl_qspi_probe",
"file": "drivers/spi/spi-fsl-qspi.c"
},
"id": "CVE-2025-37842-7a88bec4",
"signature_type": "Function",
"digest": {
"length": 2060.0,
"function_hash": "283610480085464620543705338277292814683"
}
},
{
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@439688dbe82baa10d4430dc3252bb5ef1183a171",
"signature_version": "v1",
"deprecated": false,
"target": {
"file": "drivers/spi/spi-fsl-qspi.c"
},
"id": "CVE-2025-37842-7f55251f",
"signature_type": "Line",
"digest": {
"threshold": 0.9,
"line_hashes": [
"297451348003645202517640023300854228615",
"109262387770170728703513560779640274423",
"259496995428350710926079944669482327514",
"70461117293059588362946413906093192427",
"314654297517965247961780263378432013558",
"80262361202174330652251441844097362268",
"35679988094319975070719620571128716863",
"269822694295377788623553263035271823789",
"50312831454688198309357658666771328883",
"90505954619957701724542286877342907808",
"134759080090703507798249228301184692976",
"3586300923851059114950037403603001368",
"281800139634141158574424677837404923531",
"226469734046307713905994454145905864215",
"296005820585824394399339385545426076772",
"331176135668830191264513524024657191158",
"238906665723773751612441780062430477845",
"38389660410811613335070317029277071591",
"80131328661591198967060784338727656013",
"30330472820185543129124044457939631795",
"115331824544189546309674794315384981044"
]
}
},
{
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@50ae352c1848cab408fb4f7d7f50c71f818bbdbf",
"signature_version": "v1",
"deprecated": false,
"target": {
"file": "drivers/spi/spi-fsl-qspi.c"
},
"id": "CVE-2025-37842-86005a8f",
"signature_type": "Line",
"digest": {
"threshold": 0.9,
"line_hashes": [
"297451348003645202517640023300854228615",
"109262387770170728703513560779640274423",
"259496995428350710926079944669482327514",
"70461117293059588362946413906093192427",
"314654297517965247961780263378432013558",
"80262361202174330652251441844097362268",
"35679988094319975070719620571128716863",
"269822694295377788623553263035271823789",
"50312831454688198309357658666771328883",
"90505954619957701724542286877342907808",
"134759080090703507798249228301184692976",
"3586300923851059114950037403603001368",
"281800139634141158574424677837404923531",
"226469734046307713905994454145905864215",
"296005820585824394399339385545426076772",
"331176135668830191264513524024657191158",
"238906665723773751612441780062430477845",
"164567849523635465989654780948065727511",
"327221930983893384382440753705057214676",
"274819137225199845018275133512922021972",
"334058141938267251845543891108493982551"
]
}
},
{
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@439688dbe82baa10d4430dc3252bb5ef1183a171",
"signature_version": "v1",
"deprecated": false,
"target": {
"function": "fsl_qspi_probe",
"file": "drivers/spi/spi-fsl-qspi.c"
},
"id": "CVE-2025-37842-9e856115",
"signature_type": "Function",
"digest": {
"length": 2020.0,
"function_hash": "281669512491358845789558750207606649343"
}
},
{
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@f68b27d82a749117d9c7d7f33fa53f46373e38e2",
"signature_version": "v1",
"deprecated": false,
"target": {
"function": "fsl_qspi_remove",
"file": "drivers/spi/spi-fsl-qspi.c"
},
"id": "CVE-2025-37842-a15a8ca0",
"signature_type": "Function",
"digest": {
"length": 255.0,
"function_hash": "7093661328852135122887976765905943166"
}
},
{
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@f68b27d82a749117d9c7d7f33fa53f46373e38e2",
"signature_version": "v1",
"deprecated": false,
"target": {
"function": "fsl_qspi_probe",
"file": "drivers/spi/spi-fsl-qspi.c"
},
"id": "CVE-2025-37842-b73e1a26",
"signature_type": "Function",
"digest": {
"length": 2020.0,
"function_hash": "281669512491358845789558750207606649343"
}
},
{
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@f9bfb3a5f6f616f3eb7665c8ff3bcb9760ae33c8",
"signature_version": "v1",
"deprecated": false,
"target": {
"file": "drivers/spi/spi-fsl-qspi.c"
},
"id": "CVE-2025-37842-c3df6804",
"signature_type": "Line",
"digest": {
"threshold": 0.9,
"line_hashes": [
"133227997026711388097916691411853569616",
"132004295171550000883758007905091416831",
"259496995428350710926079944669482327514",
"280451609972910017668491566030275192565",
"314654297517965247961780263378432013558",
"80262361202174330652251441844097362268",
"35679988094319975070719620571128716863",
"269822694295377788623553263035271823789",
"50312831454688198309357658666771328883",
"90505954619957701724542286877342907808",
"134759080090703507798249228301184692976",
"3586300923851059114950037403603001368",
"281800139634141158574424677837404923531",
"226469734046307713905994454145905864215",
"296005820585824394399339385545426076772",
"331176135668830191264513524024657191158",
"238906665723773751612441780062430477845",
"38389660410811613335070317029277071591",
"80131328661591198967060784338727656013",
"30330472820185543129124044457939631795",
"115331824544189546309674794315384981044"
]
}
},
{
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@f9bfb3a5f6f616f3eb7665c8ff3bcb9760ae33c8",
"signature_version": "v1",
"deprecated": false,
"target": {
"function": "fsl_qspi_probe",
"file": "drivers/spi/spi-fsl-qspi.c"
},
"id": "CVE-2025-37842-d69efd8e",
"signature_type": "Function",
"digest": {
"length": 2060.0,
"function_hash": "283610480085464620543705338277292814683"
}
},
{
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@50ae352c1848cab408fb4f7d7f50c71f818bbdbf",
"signature_version": "v1",
"deprecated": false,
"target": {
"function": "fsl_qspi_remove",
"file": "drivers/spi/spi-fsl-qspi.c"
},
"id": "CVE-2025-37842-f3a35017",
"signature_type": "Function",
"digest": {
"length": 255.0,
"function_hash": "7093661328852135122887976765905943166"
}
}
]