Vulnerability Description
In the Linux kernel, the following vulnerability has been resolved: spi: cadence-quadspi: Implement refcount to handle unbind during busy driver support indirect read and indirect write operation with assumption no force device removal(unbind) operation. However force device removal(removal) is still available to root superuser. Unbinding driver during operation causes kernel crash. This changes ensure driver able to handle such operation for indirect read and indirect write by implementing refcount to track attached devices to the controller and gracefully wait and until attached devices remove operation completed before proceed with removal operation.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Linux | Linux Kernel | >= 5.9, < 6.6.125 |
References
- https://git.kernel.org/stable/c/56787f4a75907ae99b5f5842b756fa68e2482f6d
- https://git.kernel.org/stable/c/65ed52200080eafce3eead05cf22ce01238defca
- https://git.kernel.org/stable/c/7446284023e8ef694fb392348185349c773eefb3Patch
- https://git.kernel.org/stable/c/8df235f768cea7a5829cb02525622646eb0df5f5Patch
- https://git.kernel.org/stable/c/b7ec8a2b094a33d0464958c2cbf75b8f229098b0Patch
FAQ
What is CVE-2025-40005?
CVE-2025-40005 is a vulnerability with a CVSS score of 5.5 (MEDIUM). In the Linux kernel, the following vulnerability has been resolved: spi: cadence-quadspi: Implement refcount to handle unbind during busy driver support indirect read and indirect write operation wi...
How severe is CVE-2025-40005?
CVE-2025-40005 has been rated MEDIUM with a CVSS base score of 5.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2025-40005?
Check the references section above for vendor advisories and patch information. Affected products include: Linux Linux Kernel.