{"id":"CVE-2025-37842","summary":"spi: fsl-qspi: use devm function instead of driver remove","details":"In the Linux kernel, the following vulnerability has been resolved:\n\nspi: fsl-qspi: use devm function instead of driver remove\n\nDriver use devm APIs to manage clk/irq/resources and register the spi\ncontroller, but the legacy remove function will be called first during\ndevice detach and trigger kernel panic. Drop the remove function and use\ndevm_add_action_or_reset() for driver cleanup to ensure the release\nsequence.\n\nTrigger kernel panic on i.MX8MQ by\necho 30bb0000.spi \u003e/sys/bus/platform/drivers/fsl-quadspi/unbind","modified":"2026-04-02T12:47:32.675685Z","published":"2025-05-09T06:41:51.310Z","related":["SUSE-SU-2025:01919-1","SUSE-SU-2025:01951-1","SUSE-SU-2025:01964-1","SUSE-SU-2025:01965-1","SUSE-SU-2025:01967-1","SUSE-SU-2025:01972-1","SUSE-SU-2025:02000-1","SUSE-SU-2025:20408-1","SUSE-SU-2025:20413-1","SUSE-SU-2025:20419-1","SUSE-SU-2025:20421-1"],"database_specific":{"osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/37xxx/CVE-2025-37842.json","cna_assigner":"Linux"},"references":[{"type":"WEB","url":"https://git.kernel.org/stable/c/40369bfe717e96e26650eeecfa5a6363563df6e4"},{"type":"WEB","url":"https://git.kernel.org/stable/c/439688dbe82baa10d4430dc3252bb5ef1183a171"},{"type":"WEB","url":"https://git.kernel.org/stable/c/50ae352c1848cab408fb4f7d7f50c71f818bbdbf"},{"type":"WEB","url":"https://git.kernel.org/stable/c/f68b27d82a749117d9c7d7f33fa53f46373e38e2"},{"type":"WEB","url":"https://git.kernel.org/stable/c/f9bfb3a5f6f616f3eb7665c8ff3bcb9760ae33c8"},{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/37xxx/CVE-2025-37842.json"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2025-37842"},{"type":"PACKAGE","url":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","events":[{"introduced":"8fcb830a00f0980ffe38d223cdd9a4d2d24da476"},{"fixed":"50ae352c1848cab408fb4f7d7f50c71f818bbdbf"},{"fixed":"f68b27d82a749117d9c7d7f33fa53f46373e38e2"},{"fixed":"439688dbe82baa10d4430dc3252bb5ef1183a171"},{"fixed":"f9bfb3a5f6f616f3eb7665c8ff3bcb9760ae33c8"},{"fixed":"40369bfe717e96e26650eeecfa5a6363563df6e4"}]}],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-37842.json"}}],"schema_version":"1.7.5"}