Vulnerability in Cadence Quad SPI Driver for Linux Kernel
CVE-2025-40005
Currently unrated
What is CVE-2025-40005?
The Cadence Quad SPI driver in the Linux kernel mishandles device unbinding while operations are still in progress. This can crash the kernel, particularly when the root user forces removal of the driver while it is still busy processing indirect read and write operations. The fix introduces reference counting, which lets the driver handle device disconnection gracefully by ensuring that all operations have completed before removal proceeds.
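The reference-counting idea described above, as an added user-space model in C11. It is not the kernel patch or the driver's code, and every name in it (`qspi_model`, `model_op_begin`, and so on) is hypothetical. It shows the two properties the fix needs: operations that start after unbind has begun are refused, and teardown is held back until in-flight operations have dropped their references.

```c
#include <errno.h>
#include <stdatomic.h>
#include <stdbool.h>

/* Hypothetical user-space model; names are illustrative, not the driver's. */
struct qspi_model {
    atomic_int  refcount;  /* 1 for the bound driver, +1 per in-flight op */
    atomic_bool removing;  /* set once unbind has started */
};

static void model_init(struct qspi_model *q)
{
    atomic_init(&q->refcount, 1);
    atomic_init(&q->removing, false);
}

/* Start of an indirect read/write: take a reference or refuse. */
static int model_op_begin(struct qspi_model *q)
{
    int old = atomic_load(&q->refcount);
    do {
        if (old == 0)
            return -ENODEV;            /* already torn down */
    } while (!atomic_compare_exchange_weak(&q->refcount, &old, old + 1));
    if (atomic_load(&q->removing)) {   /* unbind raced with us: back out */
        atomic_fetch_sub(&q->refcount, 1);
        return -ENODEV;
    }
    return 0;
}

static void model_op_end(struct qspi_model *q)
{
    atomic_fetch_sub(&q->refcount, 1);
}

/* Unbind, step 1: refuse new operations and drop the driver's own reference. */
static void model_remove_start(struct qspi_model *q)
{
    if (!atomic_exchange(&q->removing, true))
        atomic_fetch_sub(&q->refcount, 1);
}

/* Unbind, step 2: a remove path waits until this is true before freeing. */
static bool model_remove_ready(struct qspi_model *q)
{
    return atomic_load(&q->removing) && atomic_load(&q->refcount) == 0;
}
```

Without the check in `model_remove_ready`, the remove path would release resources while an operation still holds them, which is the crash condition the advisory describes.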
Affected Version(s)
Linux 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2
Linux 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 < 7446284023e8ef694fb392348185349c773eefb3
Linux 6.16.10 <= 6.16.*