AZL-62495

See a problem?

Import Source

https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-62495.json

JSON Data

https://api.test.osv.dev/v1/vulns/AZL-62495

Upstream

CVE-2025-37842

Published

2025-05-09T07:16:04Z

Modified

2026-04-01T05:20:04.845683Z

Summary

CVE-2025-37842 affecting package kernel for versions less than 6.6.112.1-2

Details

In the Linux kernel, the following vulnerability has been resolved:

spi: fsl-qspi: use devm function instead of driver remove

Driver use devm APIs to manage clk/irq/resources and register the spi controller, but the legacy remove function will be called first during device detach and trigger kernel panic. Drop the remove function and use devmaddactionorreset() for driver cleanup to ensure the release sequence.

Trigger kernel panic on i.MX8MQ by echo 30bb0000.spi >/sys/bus/platform/drivers/fsl-quadspi/unbind

References

https://nvd.nist.gov/vuln/detail/CVE-2025-37842

Affected packages

Azure Linux:3 / kernel

Package

Name: kernel
Purl: pkg:rpm/azure-linux/kernel

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

6.6.112.1-2

Database specific

source

"https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-62495.json"