DEBIAN-CVE-2025-39921
- Source
- https://security-tracker.debian.org/tracker/CVE-2025-39921
- Import Source
- https://storage.googleapis.com/debian-osv/debian-cve-osv/DEBIAN-CVE-2025-39921.json
- JSON Data
- https://api.osv.dev/v1/vulns/DEBIAN-CVE-2025-39921
- Upstream
- Published
- 2025-10-01T08:15:35.370Z
- Modified
- 2026-03-17T02:49:18.446380Z
- Severity
-
- 5.5 (Medium) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVSS Calculator
- Summary
- [none]
- Details
-
In the Linux kernel, the following vulnerability has been resolved: spi: microchip-core-qspi: stop checking viability of op->maxfreq in supportsop callback In commit 13529647743d9 ("spi: microchip-core-qspi: Support per spi-mem operation frequency switches") the logic for checking the viability of op->maxfreq in mchpcoreqspisetupclock() was copied into mchpcoreqspisupportsop(). Unfortunately, op->maxfreq is not valid when this function is called during probe but is instead zero. Accordingly, baudrateval is calculated to be INTMAX due to division by zero, causing probe of the attached memory device to fail. Seemingly spi-microchip-core-qspi was the only driver that had such a modification made to its supportsop callback when the peropfreq capability was added, so just remove it to restore prior functionality.
- References
Affected packages
Debian:14 / linux
Package
- Name
- linux
- Purl
- pkg:deb/debian/linux?arch=source
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed6.16.6-1