AZL-63791

See a problem?

Import Source

https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-63791.json

JSON Data

https://api.test.osv.dev/v1/vulns/AZL-63791

Upstream

CVE-2025-37801

Published

2025-05-08T07:15:51Z

Modified

2026-04-01T05:20:47.840248Z

Summary

CVE-2025-37801 affecting package kernel 5.15.200.1-1

Details

In the Linux kernel, the following vulnerability has been resolved:

spi: spi-imx: Add check for spiimxsetupxfer()

Add check for the return value of spiimxsetupxfer(). spiimx->rx and spiimx->tx function pointer can be NULL when spiimxsetupxfer() return error, and make NULL pointer dereference.

Unable to handle kernel NULL pointer dereference at virtual address 0000000000000000 Call trace: 0x0 spiimxpiotransfer+0x50/0xd8 spiimxtransferone+0x18c/0x858 spitransferone_message+0x43c/0x790 __spipumptransfer_message+0x238/0x5d4 __spisync+0x2b0/0x454 spiwritethenread+0x11c/0x200

References

https://nvd.nist.gov/vuln/detail/CVE-2025-37801

Affected packages

Azure Linux:2 / kernel

Package

Name: kernel
Purl: pkg:rpm/azure-linux/kernel

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Last affected

5.15.200.1-1

Database specific

source

"https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-63791.json"