CVE-2025-39893

Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)

Description A flaw exists in the Linux kernel related to the spi-qpic-snand driver. Specifically, the on-host hardware ECC engine remains registered even when the spi register controller() function encounters an error during probing or when the device is removed. This can lead to potential use-after-free issues. The issue is addressed by ensuring the ECC engine is unregistered on the error path within the qcom spi probe() function and by adding a missing unregistering call to the qcom spi remove() function.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.