AZL-73102

See a problem?

Import Source

https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-73102.json

JSON Data

https://api.test.osv.dev/v1/vulns/AZL-73102

Upstream

CVE-2025-68746

Published

2025-12-24T13:16:29Z

Modified

2026-04-01T05:22:36.053895Z

Summary

CVE-2025-68746 affecting package kernel for versions less than 6.6.121.1-1

Details

In the Linux kernel, the following vulnerability has been resolved:

spi: tegra210-quad: Fix timeout handling

When the CPU that the QSPI interrupt handler runs on (typically CPU 0) is excessively busy, it can lead to rare cases of the IRQ thread not running before the transfer timeout is reached.

While handling the timeouts, any pending transfers are cleaned up and the message that they correspond to is marked as failed, which leaves the curr_xfer field pointing at stale memory.

To avoid this, clear curr_xfer to NULL upon timeout and check for this condition when the IRQ thread is finally run.

While at it, also make sure to clear interrupts on failure so that new interrupts can be run.

A better, more involved, fix would move the interrupt clearing into a hard IRQ handler. Ideally we would also want to signal that the IRQ thread no longer needs to be run after the timeout is hit to avoid the extra check for a valid transfer.

References

https://nvd.nist.gov/vuln/detail/CVE-2025-68746

Affected packages

Azure Linux:3 / kernel

Package

Name: kernel
Purl: pkg:rpm/azure-linux/kernel

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

6.6.121.1-1

Database specific

source

"https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-73102.json"