CVE-2025-40005: Improper Control of a Resource Through its Lifetime in Linux

Severity
5.5 MEDIUM (NVD)
EPSS
0.0%
top 94.44%
CISA KEV
Not in KEV
Exploit
No known exploits
Timeline
Published Oct 20

Description

In the Linux kernel, the following vulnerability has been resolved:

spi: cadence-quadspi: Implement refcount to handle unbind during busy

driver support indirect read and indirect write operation with assumption no force device removal (unbind) operation. However force device removal (removal) is still available to root superuser. Unbinding driver during operation causes kernel crash. This changes ensure driver able to handle such operation for indirect read and indirect write by implementing r

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Exploitability: 1.8 | Impact: 3.6

Patches

🔴 Vulnerability Details

2
GHSA
GHSA-g4vw-3hq5-q7gr: In the Linux kernel, the following vulnerability has been resolved: spi: cadence-quadspi: Implement refcount to handle unbind during busy driver sup (2025-10-20)
OSV
CVE-2025-40005: In the Linux kernel, the following vulnerability has been resolved: spi: cadence-quadspi: Implement refcount to handle unbind during busy driver suppo (2025-10-20)

📋 Vendor Advisories

3
Red Hat
kernel: spi: cadence-quadspi: Implement refcount to handle unbind during busy (2025-10-20)
Microsoft
spi: cadence-quadspi: Implement refcount to handle unbind during busy (2025-10-14)
Debian
CVE-2025-40005: linux - In the Linux kernel, the following vulnerability has been resolved: spi: cadenc... (2025)
CVE-2025-40005 — Linux vulnerability | cvebase