Linux Kernel Vulnerability in Microchip Core QSPI Driver
CVE-2025-39921
What is CVE-2025-39921?
A vulnerability in the Microchip Core QSPI driver of the Linux kernel arises from a flaw in the max_freq viability check performed during probe. When mchp_coreqspi_supports_op() is invoked as the supports_op callback during probe, op->max_freq is not handled correctly and is zero. As a result, baud_rate_val is calculated as INT_MAX due to division by zero. The issue specifically affects probing of connected memory devices, which prevents them from being used. The resolution reverts the recent changes, restoring the driver's original behaviour.
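The failure mode described above, as an added user-space model in C; it is not code from the driver or the kernel. The clock rate, the divider limits, the `demo_*` names and the clock-setup step are assumptions made for illustration, and the zero-divisor case returns INT_MAX only to mirror the value the description reports.

```c
#include <limits.h>
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed values for this model; not taken from the driver source. */
#define DEMO_CLK_HZ      150000000u
#define DEMO_MIN_DIVIDER 1u
#define DEMO_MAX_DIVIDER 16u

/* Divider model. Division by zero is undefined in C, so the zero case
 * returns INT_MAX, the value the description reports for baud_rate_val. */
static uint32_t demo_baud_rate_val(uint32_t clk_hz, uint32_t max_freq)
{
    uint64_t div = 2ull * max_freq;
    return div ? (uint32_t)((clk_hz + div - 1) / div) : (uint32_t)INT_MAX;
}

static bool demo_divider_ok(uint32_t val)
{
    return val >= DEMO_MIN_DIVIDER && val <= DEMO_MAX_DIVIDER;
}

/* Before: the capability callback also validates op->max_freq. */
static bool demo_supports_op_before(uint32_t op_max_freq)
{
    return demo_divider_ok(demo_baud_rate_val(DEMO_CLK_HZ, op_max_freq));
}

/* After: the capability callback ignores the frequency again. */
static bool demo_supports_op_after(uint32_t op_max_freq)
{
    (void)op_max_freq;
    return true;
}

/* Hypothetical clock setup: validate once a real frequency is known. */
static int demo_setup_clock(uint32_t max_freq)
{
    if (max_freq == 0)
        return -1;
    return demo_divider_ok(demo_baud_rate_val(DEMO_CLK_HZ, max_freq)) ? 0 : -1;
}

int main(void)
{
    printf("probe (max_freq=0): before=%d after=%d\n",
           demo_supports_op_before(0), demo_supports_op_after(0));
    return 0;
}
```

With a zero frequency at probe time the "before" callback rejects every operation, which is why the attached memory device never comes up.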
Affected Version(s)
Linux 13529647743d906ed3cf991f1d77727e7ff1fb6f
Linux 13529647743d906ed3cf991f1d77727e7ff1fb6f < 89e7353f522f5cf70cb48c01ce2dcdcb275b8022
Linux 6.14