PT-2025-20493 · Linux+4 · Linux Kernel+4

Published

2025-03-27

·

Updated

2026-04-20

·

CVE-2025-37842

CVSS v3.1

5.5

Medium

VectorAV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)
Description A vulnerability in the Linux kernel has been resolved. The issue is related to the spi: fsl-qspi driver, where the use of devm APIs to manage resources and the legacy remove function could trigger a kernel panic during device detachment. The problem is resolved by dropping the remove function and using devm add action or reset() for driver cleanup. The vulnerability can be triggered on i.MX8MQ devices.
Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Improper Resource Release

Weakness Enumeration

CWE-404

Related Identifiers

AZL-62495
AZL-70364
BDU:2026-05759
CVE-2025-37842
ECHO-A8E2-7B6A-C341
OESA-2025-1823
OESA-2025-1824
OESA-2025-1870
SUSE-SU-2025:01919-1
SUSE-SU-2025:01951-1
SUSE-SU-2025:01964-1
SUSE-SU-2025:01965-1
SUSE-SU-2025:01967-1
SUSE-SU-2025:01972-1
SUSE-SU-2025:02000-1
SUSE-SU-2025:20408-1
SUSE-SU-2025:20413-1
SUSE-SU-2025:20419-1
SUSE-SU-2025:20421-1
SUSE-SU-2025_01951-1
SUSE-SU-2025_01964-1
SUSE-SU-2025_01965-1
SUSE-SU-2025_01967-1
SUSE-SU-2025_01972-1
SUSE-SU-2025_02000-1
USN-7594-1
USN-7594-2
USN-7594-3
USN-8028-1
USN-8028-2
USN-8028-3
USN-8028-4
USN-8028-5
USN-8028-6
USN-8028-7
USN-8028-8
USN-8031-1
USN-8031-2
USN-8031-3
USN-8052-1
USN-8052-2
USN-8074-1
USN-8074-2
USN-8126-1

Affected Products

Debian
Linuxmint
Linux Kernel
Suse
Ubuntu