CVE-2025-37842

Source
https://nvd.nist.gov/vuln/detail/CVE-2025-37842
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-37842.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2025-37842
Downstream
Related
Published
2025-05-09T06:41:51Z
Modified
2025-10-22T11:27:59.894559Z
Summary
spi: fsl-qspi: use devm function instead of driver remove
Details

In the Linux kernel, the following vulnerability has been resolved:

spi: fsl-qspi: use devm function instead of driver remove

Driver use devm APIs to manage clk/irq/resources and register the spi controller, but the legacy remove function will be called first during device detach and trigger kernel panic. Drop the remove function and use devmaddactionorreset() for driver cleanup to ensure the release sequence.

Trigger kernel panic on i.MX8MQ by echo 30bb0000.spi >/sys/bus/platform/drivers/fsl-quadspi/unbind

References

Affected packages

Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

Affected ranges

Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
8fcb830a00f0980ffe38d223cdd9a4d2d24da476
Fixed
50ae352c1848cab408fb4f7d7f50c71f818bbdbf
Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
8fcb830a00f0980ffe38d223cdd9a4d2d24da476
Fixed
f68b27d82a749117d9c7d7f33fa53f46373e38e2
Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
8fcb830a00f0980ffe38d223cdd9a4d2d24da476
Fixed
439688dbe82baa10d4430dc3252bb5ef1183a171
Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
8fcb830a00f0980ffe38d223cdd9a4d2d24da476
Fixed
f9bfb3a5f6f616f3eb7665c8ff3bcb9760ae33c8
Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
8fcb830a00f0980ffe38d223cdd9a4d2d24da476
Fixed
40369bfe717e96e26650eeecfa5a6363563df6e4

Affected versions

v5.*

v5.1
v5.1-rc1
v5.1-rc2
v5.1-rc3
v5.1-rc4
v5.1-rc5
v5.1-rc6
v5.1-rc7
v5.10
v5.10-rc1
v5.10-rc2
v5.10-rc3
v5.10-rc4
v5.10-rc5
v5.10-rc6
v5.10-rc7
v5.11
v5.11-rc1
v5.11-rc2
v5.11-rc3
v5.11-rc4
v5.11-rc5
v5.11-rc6
v5.11-rc7
v5.12
v5.12-rc1
v5.12-rc1-dontuse
v5.12-rc2
v5.12-rc3
v5.12-rc4
v5.12-rc5
v5.12-rc6
v5.12-rc7
v5.12-rc8
v5.13
v5.13-rc1
v5.13-rc2
v5.13-rc3
v5.13-rc4
v5.13-rc5
v5.13-rc6
v5.13-rc7
v5.14
v5.14-rc1
v5.14-rc2
v5.14-rc3
v5.14-rc4
v5.14-rc5
v5.14-rc6
v5.14-rc7
v5.15
v5.15-rc1
v5.15-rc2
v5.15-rc3
v5.15-rc4
v5.15-rc5
v5.15-rc6
v5.15-rc7
v5.16
v5.16-rc1
v5.16-rc2
v5.16-rc3
v5.16-rc4
v5.16-rc5
v5.16-rc6
v5.16-rc7
v5.16-rc8
v5.17
v5.17-rc1
v5.17-rc2
v5.17-rc3
v5.17-rc4
v5.17-rc5
v5.17-rc6
v5.17-rc7
v5.17-rc8
v5.18
v5.18-rc1
v5.18-rc2
v5.18-rc3
v5.18-rc4
v5.18-rc5
v5.18-rc6
v5.18-rc7
v5.19
v5.19-rc1
v5.19-rc2
v5.19-rc3
v5.19-rc4
v5.19-rc5
v5.19-rc6
v5.19-rc7
v5.19-rc8
v5.2
v5.2-rc1
v5.2-rc2
v5.2-rc3
v5.2-rc4
v5.2-rc5
v5.2-rc6
v5.2-rc7
v5.3
v5.3-rc1
v5.3-rc2
v5.3-rc3
v5.3-rc4
v5.3-rc5
v5.3-rc6
v5.3-rc7
v5.3-rc8
v5.4
v5.4-rc1
v5.4-rc2
v5.4-rc3
v5.4-rc4
v5.4-rc5
v5.4-rc6
v5.4-rc7
v5.4-rc8
v5.5
v5.5-rc1
v5.5-rc2
v5.5-rc3
v5.5-rc4
v5.5-rc5
v5.5-rc6
v5.5-rc7
v5.6
v5.6-rc1
v5.6-rc2
v5.6-rc3
v5.6-rc4
v5.6-rc5
v5.6-rc6
v5.6-rc7
v5.7
v5.7-rc1
v5.7-rc2
v5.7-rc3
v5.7-rc4
v5.7-rc5
v5.7-rc6
v5.7-rc7
v5.8
v5.8-rc1
v5.8-rc2
v5.8-rc3
v5.8-rc4
v5.8-rc5
v5.8-rc6
v5.8-rc7
v5.9
v5.9-rc1
v5.9-rc2
v5.9-rc3
v5.9-rc4
v5.9-rc5
v5.9-rc6
v5.9-rc7
v5.9-rc8

v6.*

v6.0
v6.0-rc1
v6.0-rc2
v6.0-rc3
v6.0-rc4
v6.0-rc5
v6.0-rc6
v6.0-rc7
v6.1
v6.1-rc1
v6.1-rc2
v6.1-rc3
v6.1-rc4
v6.1-rc5
v6.1-rc6
v6.1-rc7
v6.1-rc8
v6.10
v6.10-rc1
v6.10-rc2
v6.10-rc3
v6.10-rc4
v6.10-rc5
v6.10-rc6
v6.10-rc7
v6.11
v6.11-rc1
v6.11-rc2
v6.11-rc3
v6.11-rc4
v6.11-rc5
v6.11-rc6
v6.11-rc7
v6.12
v6.12-rc1
v6.12-rc2
v6.12-rc3
v6.12-rc4
v6.12-rc5
v6.12-rc6
v6.12-rc7
v6.12.1
v6.12.10
v6.12.11
v6.12.12
v6.12.13
v6.12.14
v6.12.15
v6.12.16
v6.12.17
v6.12.18
v6.12.19
v6.12.2
v6.12.20
v6.12.21
v6.12.22
v6.12.23
v6.12.24
v6.12.25
v6.12.26
v6.12.27
v6.12.28
v6.12.29
v6.12.3
v6.12.30
v6.12.31
v6.12.32
v6.12.33
v6.12.34
v6.12.35
v6.12.4
v6.12.5
v6.12.6
v6.12.7
v6.12.8
v6.12.9
v6.13
v6.13-rc1
v6.13-rc2
v6.13-rc3
v6.13-rc4
v6.13-rc5
v6.13-rc6
v6.13-rc7
v6.13.1
v6.13.10
v6.13.11
v6.13.2
v6.13.3
v6.13.4
v6.13.5
v6.13.6
v6.13.7
v6.13.8
v6.13.9
v6.14
v6.14-rc1
v6.14-rc2
v6.14-rc3
v6.14-rc4
v6.14-rc5
v6.14-rc6
v6.14-rc7
v6.14.1
v6.14.2
v6.2
v6.2-rc1
v6.2-rc2
v6.2-rc3
v6.2-rc4
v6.2-rc5
v6.2-rc6
v6.2-rc7
v6.2-rc8
v6.3
v6.3-rc1
v6.3-rc2
v6.3-rc3
v6.3-rc4
v6.3-rc5
v6.3-rc6
v6.3-rc7
v6.4
v6.4-rc1
v6.4-rc2
v6.4-rc3
v6.4-rc4
v6.4-rc5
v6.4-rc6
v6.4-rc7
v6.5
v6.5-rc1
v6.5-rc2
v6.5-rc3
v6.5-rc4
v6.5-rc5
v6.5-rc6
v6.5-rc7
v6.6
v6.6-rc1
v6.6-rc2
v6.6-rc3
v6.6-rc4
v6.6-rc5
v6.6-rc6
v6.6-rc7
v6.6.1
v6.6.10
v6.6.100
v6.6.101
v6.6.102
v6.6.103
v6.6.104
v6.6.11
v6.6.12
v6.6.13
v6.6.14
v6.6.15
v6.6.16
v6.6.17
v6.6.18
v6.6.19
v6.6.2
v6.6.20
v6.6.21
v6.6.22
v6.6.23
v6.6.24
v6.6.25
v6.6.26
v6.6.27
v6.6.28
v6.6.29
v6.6.3
v6.6.30
v6.6.31
v6.6.32
v6.6.33
v6.6.34
v6.6.35
v6.6.36
v6.6.37
v6.6.38
v6.6.39
v6.6.4
v6.6.40
v6.6.41
v6.6.42
v6.6.43
v6.6.44
v6.6.45
v6.6.46
v6.6.47
v6.6.48
v6.6.49
v6.6.5
v6.6.50
v6.6.51
v6.6.52
v6.6.53
v6.6.54
v6.6.55
v6.6.56
v6.6.57
v6.6.58
v6.6.59
v6.6.6
v6.6.60
v6.6.61
v6.6.62
v6.6.63
v6.6.64
v6.6.65
v6.6.66
v6.6.67
v6.6.68
v6.6.69
v6.6.7
v6.6.70
v6.6.71
v6.6.72
v6.6.73
v6.6.74
v6.6.75
v6.6.76
v6.6.77
v6.6.78
v6.6.79
v6.6.8
v6.6.80
v6.6.81
v6.6.82
v6.6.83
v6.6.84
v6.6.85
v6.6.86
v6.6.87
v6.6.88
v6.6.89
v6.6.9
v6.6.90
v6.6.91
v6.6.92
v6.6.93
v6.6.94
v6.6.95
v6.6.96
v6.6.97
v6.6.98
v6.6.99
v6.7
v6.7-rc1
v6.7-rc2
v6.7-rc3
v6.7-rc4
v6.7-rc5
v6.7-rc6
v6.7-rc7
v6.7-rc8
v6.8
v6.8-rc1
v6.8-rc2
v6.8-rc3
v6.8-rc4
v6.8-rc5
v6.8-rc6
v6.8-rc7
v6.9
v6.9-rc1
v6.9-rc2
v6.9-rc3
v6.9-rc4
v6.9-rc5
v6.9-rc6
v6.9-rc7

Database specific

vanir_signatures

[
    {
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@439688dbe82baa10d4430dc3252bb5ef1183a171",
        "signature_version": "v1",
        "deprecated": false,
        "target": {
            "function": "fsl_qspi_remove",
            "file": "drivers/spi/spi-fsl-qspi.c"
        },
        "id": "CVE-2025-37842-07120bfe",
        "signature_type": "Function",
        "digest": {
            "length": 255.0,
            "function_hash": "7093661328852135122887976765905943166"
        }
    },
    {
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@f9bfb3a5f6f616f3eb7665c8ff3bcb9760ae33c8",
        "signature_version": "v1",
        "deprecated": false,
        "target": {
            "function": "fsl_qspi_remove",
            "file": "drivers/spi/spi-fsl-qspi.c"
        },
        "id": "CVE-2025-37842-2c7274fc",
        "signature_type": "Function",
        "digest": {
            "length": 255.0,
            "function_hash": "7093661328852135122887976765905943166"
        }
    },
    {
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@50ae352c1848cab408fb4f7d7f50c71f818bbdbf",
        "signature_version": "v1",
        "deprecated": false,
        "target": {
            "function": "fsl_qspi_probe",
            "file": "drivers/spi/spi-fsl-qspi.c"
        },
        "id": "CVE-2025-37842-3794c28a",
        "signature_type": "Function",
        "digest": {
            "length": 2020.0,
            "function_hash": "281669512491358845789558750207606649343"
        }
    },
    {
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@f68b27d82a749117d9c7d7f33fa53f46373e38e2",
        "signature_version": "v1",
        "deprecated": false,
        "target": {
            "file": "drivers/spi/spi-fsl-qspi.c"
        },
        "id": "CVE-2025-37842-56e85220",
        "signature_type": "Line",
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
                "297451348003645202517640023300854228615",
                "109262387770170728703513560779640274423",
                "259496995428350710926079944669482327514",
                "70461117293059588362946413906093192427",
                "314654297517965247961780263378432013558",
                "80262361202174330652251441844097362268",
                "35679988094319975070719620571128716863",
                "269822694295377788623553263035271823789",
                "50312831454688198309357658666771328883",
                "90505954619957701724542286877342907808",
                "134759080090703507798249228301184692976",
                "3586300923851059114950037403603001368",
                "281800139634141158574424677837404923531",
                "226469734046307713905994454145905864215",
                "296005820585824394399339385545426076772",
                "331176135668830191264513524024657191158",
                "238906665723773751612441780062430477845",
                "164567849523635465989654780948065727511",
                "327221930983893384382440753705057214676",
                "274819137225199845018275133512922021972",
                "334058141938267251845543891108493982551"
            ]
        }
    },
    {
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@40369bfe717e96e26650eeecfa5a6363563df6e4",
        "signature_version": "v1",
        "deprecated": false,
        "target": {
            "function": "fsl_qspi_remove",
            "file": "drivers/spi/spi-fsl-qspi.c"
        },
        "id": "CVE-2025-37842-6fe1376c",
        "signature_type": "Function",
        "digest": {
            "length": 255.0,
            "function_hash": "7093661328852135122887976765905943166"
        }
    },
    {
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@40369bfe717e96e26650eeecfa5a6363563df6e4",
        "signature_version": "v1",
        "deprecated": false,
        "target": {
            "file": "drivers/spi/spi-fsl-qspi.c"
        },
        "id": "CVE-2025-37842-70d72834",
        "signature_type": "Line",
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
                "133227997026711388097916691411853569616",
                "132004295171550000883758007905091416831",
                "259496995428350710926079944669482327514",
                "280451609972910017668491566030275192565",
                "314654297517965247961780263378432013558",
                "80262361202174330652251441844097362268",
                "35679988094319975070719620571128716863",
                "269822694295377788623553263035271823789",
                "50312831454688198309357658666771328883",
                "90505954619957701724542286877342907808",
                "134759080090703507798249228301184692976",
                "3586300923851059114950037403603001368",
                "281800139634141158574424677837404923531",
                "226469734046307713905994454145905864215",
                "296005820585824394399339385545426076772",
                "331176135668830191264513524024657191158",
                "238906665723773751612441780062430477845",
                "38389660410811613335070317029277071591",
                "80131328661591198967060784338727656013",
                "30330472820185543129124044457939631795",
                "115331824544189546309674794315384981044"
            ]
        }
    },
    {
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@40369bfe717e96e26650eeecfa5a6363563df6e4",
        "signature_version": "v1",
        "deprecated": false,
        "target": {
            "function": "fsl_qspi_probe",
            "file": "drivers/spi/spi-fsl-qspi.c"
        },
        "id": "CVE-2025-37842-7a88bec4",
        "signature_type": "Function",
        "digest": {
            "length": 2060.0,
            "function_hash": "283610480085464620543705338277292814683"
        }
    },
    {
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@439688dbe82baa10d4430dc3252bb5ef1183a171",
        "signature_version": "v1",
        "deprecated": false,
        "target": {
            "file": "drivers/spi/spi-fsl-qspi.c"
        },
        "id": "CVE-2025-37842-7f55251f",
        "signature_type": "Line",
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
                "297451348003645202517640023300854228615",
                "109262387770170728703513560779640274423",
                "259496995428350710926079944669482327514",
                "70461117293059588362946413906093192427",
                "314654297517965247961780263378432013558",
                "80262361202174330652251441844097362268",
                "35679988094319975070719620571128716863",
                "269822694295377788623553263035271823789",
                "50312831454688198309357658666771328883",
                "90505954619957701724542286877342907808",
                "134759080090703507798249228301184692976",
                "3586300923851059114950037403603001368",
                "281800139634141158574424677837404923531",
                "226469734046307713905994454145905864215",
                "296005820585824394399339385545426076772",
                "331176135668830191264513524024657191158",
                "238906665723773751612441780062430477845",
                "38389660410811613335070317029277071591",
                "80131328661591198967060784338727656013",
                "30330472820185543129124044457939631795",
                "115331824544189546309674794315384981044"
            ]
        }
    },
    {
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@50ae352c1848cab408fb4f7d7f50c71f818bbdbf",
        "signature_version": "v1",
        "deprecated": false,
        "target": {
            "file": "drivers/spi/spi-fsl-qspi.c"
        },
        "id": "CVE-2025-37842-86005a8f",
        "signature_type": "Line",
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
                "297451348003645202517640023300854228615",
                "109262387770170728703513560779640274423",
                "259496995428350710926079944669482327514",
                "70461117293059588362946413906093192427",
                "314654297517965247961780263378432013558",
                "80262361202174330652251441844097362268",
                "35679988094319975070719620571128716863",
                "269822694295377788623553263035271823789",
                "50312831454688198309357658666771328883",
                "90505954619957701724542286877342907808",
                "134759080090703507798249228301184692976",
                "3586300923851059114950037403603001368",
                "281800139634141158574424677837404923531",
                "226469734046307713905994454145905864215",
                "296005820585824394399339385545426076772",
                "331176135668830191264513524024657191158",
                "238906665723773751612441780062430477845",
                "164567849523635465989654780948065727511",
                "327221930983893384382440753705057214676",
                "274819137225199845018275133512922021972",
                "334058141938267251845543891108493982551"
            ]
        }
    },
    {
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@439688dbe82baa10d4430dc3252bb5ef1183a171",
        "signature_version": "v1",
        "deprecated": false,
        "target": {
            "function": "fsl_qspi_probe",
            "file": "drivers/spi/spi-fsl-qspi.c"
        },
        "id": "CVE-2025-37842-9e856115",
        "signature_type": "Function",
        "digest": {
            "length": 2020.0,
            "function_hash": "281669512491358845789558750207606649343"
        }
    },
    {
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@f68b27d82a749117d9c7d7f33fa53f46373e38e2",
        "signature_version": "v1",
        "deprecated": false,
        "target": {
            "function": "fsl_qspi_remove",
            "file": "drivers/spi/spi-fsl-qspi.c"
        },
        "id": "CVE-2025-37842-a15a8ca0",
        "signature_type": "Function",
        "digest": {
            "length": 255.0,
            "function_hash": "7093661328852135122887976765905943166"
        }
    },
    {
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@f68b27d82a749117d9c7d7f33fa53f46373e38e2",
        "signature_version": "v1",
        "deprecated": false,
        "target": {
            "function": "fsl_qspi_probe",
            "file": "drivers/spi/spi-fsl-qspi.c"
        },
        "id": "CVE-2025-37842-b73e1a26",
        "signature_type": "Function",
        "digest": {
            "length": 2020.0,
            "function_hash": "281669512491358845789558750207606649343"
        }
    },
    {
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@f9bfb3a5f6f616f3eb7665c8ff3bcb9760ae33c8",
        "signature_version": "v1",
        "deprecated": false,
        "target": {
            "file": "drivers/spi/spi-fsl-qspi.c"
        },
        "id": "CVE-2025-37842-c3df6804",
        "signature_type": "Line",
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
                "133227997026711388097916691411853569616",
                "132004295171550000883758007905091416831",
                "259496995428350710926079944669482327514",
                "280451609972910017668491566030275192565",
                "314654297517965247961780263378432013558",
                "80262361202174330652251441844097362268",
                "35679988094319975070719620571128716863",
                "269822694295377788623553263035271823789",
                "50312831454688198309357658666771328883",
                "90505954619957701724542286877342907808",
                "134759080090703507798249228301184692976",
                "3586300923851059114950037403603001368",
                "281800139634141158574424677837404923531",
                "226469734046307713905994454145905864215",
                "296005820585824394399339385545426076772",
                "331176135668830191264513524024657191158",
                "238906665723773751612441780062430477845",
                "38389660410811613335070317029277071591",
                "80131328661591198967060784338727656013",
                "30330472820185543129124044457939631795",
                "115331824544189546309674794315384981044"
            ]
        }
    },
    {
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@f9bfb3a5f6f616f3eb7665c8ff3bcb9760ae33c8",
        "signature_version": "v1",
        "deprecated": false,
        "target": {
            "function": "fsl_qspi_probe",
            "file": "drivers/spi/spi-fsl-qspi.c"
        },
        "id": "CVE-2025-37842-d69efd8e",
        "signature_type": "Function",
        "digest": {
            "length": 2060.0,
            "function_hash": "283610480085464620543705338277292814683"
        }
    },
    {
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@50ae352c1848cab408fb4f7d7f50c71f818bbdbf",
        "signature_version": "v1",
        "deprecated": false,
        "target": {
            "function": "fsl_qspi_remove",
            "file": "drivers/spi/spi-fsl-qspi.c"
        },
        "id": "CVE-2025-37842-f3a35017",
        "signature_type": "Function",
        "digest": {
            "length": 255.0,
            "function_hash": "7093661328852135122887976765905943166"
        }
    }
]

Linux / Kernel

Package

Name
Kernel

Affected ranges

Type
ECOSYSTEM
Events
Introduced
5.2.0
Fixed
6.6.105
Type
ECOSYSTEM
Events
Introduced
6.7.0
Fixed
6.12.36
Type
ECOSYSTEM
Events
Introduced
6.13.0
Fixed
6.13.12
Type
ECOSYSTEM
Events
Introduced
6.14.0
Fixed
6.14.3