Linux Kernel Vulnerability in Microchip Core QSPI Driver
CVE-2025-39921

5.5MEDIUM

Key Information:

Vendor: Linux
Status: Linux
Vendor: CVE Published:; 1 October 2025

What is CVE-2025-39921?

A vulnerability in the Microchip Core QSPI driver of the Linux kernel arises from a flaw in the max_freq viability check during the probe process. When the function mchp_coreqspi_supports_op() calls the supports_op callback, it mismanages the op->max_freq parameter, leading it to default to zero. Consequently, this causes the baud_rate_val to miscalculate to INT_MAX due to division by zero. This issue specifically affects the probe functionality for connected memory devices, preventing them from being utilized correctly. The resolution involves reverting the recent changes to restore the driver’s original operation capability.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

Linux 13529647743d906ed3cf991f1d77727e7ff1fb6f

Linux 13529647743d906ed3cf991f1d77727e7ff1fb6f < 89e7353f522f5cf70cb48c01ce2dcdcb275b8022

Linux 6.14

References

https://git.kernel.org/stable/c/ac8a13f35d5b8996582b3f97b...

https://git.kernel.org/stable/c/89e7353f522f5cf70cb48c01c...

CVSS V3.1

Score:

5.5

Severity:

MEDIUM

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Oct 1, 2025
Vulnerability Reserved
Apr 16, 2025

JSON

Linux

What is CVE-2025-39921?

Human OS v1.0: Ageing Is an Unpatched Zero-Day Vulnerability.

Affected Version(s)

References

CVSS V3.1

Timeline

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.