CVE-2025-40005

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2025-40005
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-40005.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2025-40005
Downstream
Related
Published
2025-10-20T15:26:52.315Z
Modified
2026-03-26T04:18:22.212236Z
Summary
spi: cadence-quadspi: Implement refcount to handle unbind during busy
Details

In the Linux kernel, the following vulnerability has been resolved:

spi: cadence-quadspi: Implement refcount to handle unbind during busy

driver support indirect read and indirect write operation with assumption no force device removal(unbind) operation. However force device removal(removal) is still available to root superuser.

Unbinding driver during operation causes kernel crash. This changes ensure driver able to handle such operation for indirect read and indirect write by implementing refcount to track attached devices to the controller and gracefully wait and until attached devices remove operation completed before proceed with removal operation.

Database specific 
{
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/40xxx/CVE-2025-40005.json",
    "cna_assigner": "Linux"
}
References

Affected packages

Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

Affected ranges

Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
a314f6367787ee1d767df9a2120f17e4511144d0
Fixed
56787f4a75907ae99b5f5842b756fa68e2482f6d
Fixed
8df235f768cea7a5829cb02525622646eb0df5f5
Fixed
65ed52200080eafce3eead05cf22ce01238defca
Fixed
b7ec8a2b094a33d0464958c2cbf75b8f229098b0
Fixed
7446284023e8ef694fb392348185349c773eefb3

Database specific

source 
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-40005.json"