CVE-2025-40005

Summary

In the Linux kernel, the following vulnerability has been resolved:

spi: cadence-quadspi: Implement refcount to handle unbind during busy

driver support indirect read and indirect write operation with assumption no force device removal(unbind) operation. However force device removal(removal) is still available to root superuser.

Unbinding driver during operation causes kernel crash. This changes ensure driver able to handle such operation for indirect read and indirect write by implementing refcount to track attached devices to the controller and gracefully wait and until attached devices remove operation completed before proceed with removal operation.

Affected Software

VendorProductVersion RangeStatus
LinuxLinuxa314f6367787ee1d767df9a2120f17e4511144d0 < 8ce3ebbe5c718940b4e94f5c25f5720223f893f8affected
LinuxLinuxa314f6367787ee1d767df9a2120f17e4511144d0 < 56787f4a75907ae99b5f5842b756fa68e2482f6daffected
LinuxLinuxa314f6367787ee1d767df9a2120f17e4511144d0 < 8df235f768cea7a5829cb02525622646eb0df5f5affected
LinuxLinuxa314f6367787ee1d767df9a2120f17e4511144d0 < 65ed52200080eafce3eead05cf22ce01238defcaaffected
LinuxLinuxa314f6367787ee1d767df9a2120f17e4511144d0 < b7ec8a2b094a33d0464958c2cbf75b8f229098b0affected
LinuxLinuxa314f6367787ee1d767df9a2120f17e4511144d0 < 7446284023e8ef694fb392348185349c773eefb3affected
LinuxLinux5.9affected
LinuxLinux0 < 5.9unaffected
LinuxLinux5.15.209 <= 5.15.*unaffected
LinuxLinux6.1.167 <= 6.1.*unaffected
LinuxLinux6.6.125 <= 6.6.*unaffected
LinuxLinux6.12.78 <= 6.12.*unaffected
LinuxLinux6.16.10 <= 6.16.*unaffected
LinuxLinux6.17 <= *unaffected

Weaknesses

References