CVE-2025-39893

MEDIUM 5.5

spi: spi-qpic-snand: unregister ECC engine on probe error and device remove

CVSS Score

5.5

EPSS Score

0.0%

EPSS Percentile

6th

In the Linux kernel, the following vulnerability has been resolved: spi: spi-qpic-snand: unregister ECC engine on probe error and device remove The on-host hardware ECC engine remains registered both when the spi_register_controller() function returns with an error and also on device removal. Change the qcom_spi_probe() function to unregister the engine on the error path, and add the missing unregistering call to qcom_spi_remove() to avoid possible use-after-free issues.

Vendor	linux
Product	linux
Ecosystems	Linux Kernel
Industries	Technology
Published	Oct 1, 2025
Last Updated	May 11, 2026

Stay Ahead of the Next One

Get instant alerts for linux linux

Be the first to know when new medium vulnerabilities affecting linux linux are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

Affected Versions

Linux / Linux

7304d1909080ef0c9da703500a97f46c98393fcd < e4de48e66af17547727bb2e4b1867952817edff7 7304d1909080ef0c9da703500a97f46c98393fcd < 1991a458528588ff34e98b6365362560d208710f

Linux / Linux

6.15

References

NVD ↗ CVE.org ↗ EPSS Data ↗

git.kernel.org: https://git.kernel.org/stable/c/e4de48e66af17547727bb2e4b1867952817edff7 git.kernel.org: https://git.kernel.org/stable/c/1991a458528588ff34e98b6365362560d208710f