CVE-2025-37842

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2025-37842

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-37842.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2025-37842

Downstream

BELL-CVE-2025-37842

DEBIAN-CVE-2025-37842

ECHO-a8e2-7b6a-c341

OESA-2025-1823

OESA-2025-1824

OESA-2025-1870

SUSE-SU-2025:01919-1

SUSE-SU-2025:01951-1

SUSE-SU-2025:01964-1

SUSE-SU-2025:01965-1

SUSE-SU-2025:01967-1

UBUNTU-CVE-2025-37842

USN-7594-1

USN-7594-2

USN-7594-3

Related

Published

2025-05-09T07:16:04Z

Modified

2025-09-09T17:15:43Z

Summary

[none]

Details

In the Linux kernel, the following vulnerability has been resolved:

spi: fsl-qspi: use devm function instead of driver remove

Driver use devm APIs to manage clk/irq/resources and register the spi controller, but the legacy remove function will be called first during device detach and trigger kernel panic. Drop the remove function and use devmaddactionorreset() for driver cleanup to ensure the release sequence.

Trigger kernel panic on i.MX8MQ by echo 30bb0000.spi >/sys/bus/platform/drivers/fsl-quadspi/unbind

References

Affected packages