CVE-2025-40005

In the Linux kernel, the following vulnerability has been resolved: spi: cadence-quadspi: Implement refcount to handle unbind during busy driver support indirect read and indirect write operation with assumption no force device removal(unbind) operation. However force device removal(removal) is still available to root superuser. Unbinding driver during operation causes kernel crash. This changes ensure driver able to handle such operation for indirect read and indirect write by implementing refcount to track attached devices to the controller and gracefully wait and until attached devices remove operation completed before proceed with removal operation.

CVSS v3 5.5 MEDIUM

5.5^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 1.8 / Impact : 3.6

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://git.kernel.org/stable/c/56787f4a75907ae99b5f5842b756fa68e2482f6d
https://git.kernel.org/stable/c/65ed52200080eafce3eead05cf22ce01238defca
https://git.kernel.org/stable/c/7446284023e8ef694fb392348185349c773eefb3	Patch
https://git.kernel.org/stable/c/8df235f768cea7a5829cb02525622646eb0df5f5	Patch
https://git.kernel.org/stable/c/b7ec8a2b094a33d0464958c2cbf75b8f229098b0	Patch

Configurations

Configuration 1 (hide)

OR	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel:6.17:rc1::::::
	cpe:2.3:o:linux:linux_kernel:6.17:rc2::::::
	cpe:2.3:o:linux:linux_kernel:6.17:rc3::::::
	cpe:2.3:o:linux:linux_kernel:6.17:rc4::::::

History

No history.

Information

Published : 2025-10-20 16:15

Updated : 2026-03-25 11:16

NVD link : CVE-2025-40005

Mitre link : CVE-2025-40005

CVE.ORG link : CVE-2025-40005

JSON object : View

Products Affected

linux

linux_kernel

CWE

NVD-CWE-noinfo

{"id": "CVE-2025-40005", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.5, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 1.8}]}, "published": "2025-10-20T16:15:37.127", "references": [{"url": "https://git.kernel.org/stable/c/56787f4a75907ae99b5f5842b756fa68e2482f6d", "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/65ed52200080eafce3eead05cf22ce01238defca", "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/7446284023e8ef694fb392348185349c773eefb3", "tags": ["Patch"], "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/8df235f768cea7a5829cb02525622646eb0df5f5", "tags": ["Patch"], "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/b7ec8a2b094a33d0464958c2cbf75b8f229098b0", "tags": ["Patch"], "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-noinfo"}]}], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nspi: cadence-quadspi: Implement refcount to handle unbind during busy\n\ndriver support indirect read and indirect write operation with\nassumption no force device removal(unbind) operation. However\nforce device removal(removal) is still available to root superuser.\n\nUnbinding driver during operation causes kernel crash. This changes\nensure driver able to handle such operation for indirect read and\nindirect write by implementing refcount to track attached devices\nto the controller and gracefully wait and until attached devices\nremove operation completed before proceed with removal operation."}], "lastModified": "2026-03-25T11:16:12.737", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A2F78819-3B3D-45F2-B2BC-445385A4FAE4", "versionEndExcluding": "6.6.125", "versionStartIncluding": "5.9"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "898CB0E7-69BE-48EB-A212-89F26E47CC47", "versionEndExcluding": "6.16.10", "versionStartIncluding": "6.7"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.17:rc1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "327D22EF-390B-454C-BD31-2ED23C998A1C"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.17:rc2:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C730CD9A-D969-4A8E-9522-162AAF7C0EE9"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.17:rc3:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "39982C4B-716E-4B2F-8196-FA301F47807D"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.17:rc4:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "340BEEA9-D70D-4290-B502-FBB1032353B1"}], "operator": "OR"}]}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}