CVE-2025-40005

CVSS v2.0

6.0

Medium

Vector

AV:L/AC:H/Au:S/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)

Description The Linux kernel contains a flaw in the cadence-quadspi driver related to handling unbind operations during busy periods. The driver previously assumed no force device removal (unbind) operation would occur, but such operations are possible with root superuser privileges. Unbinding the driver during an operation can lead to a kernel crash. The issue is addressed by implementing a reference count to track attached devices to the controller and gracefully waiting for attached devices to complete removal operations before proceeding with the removal operation.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-399

Related Identifiers

AZL-78380

BDU:2025-13576

CVE-2025-40005

ECHO-5634-345C-3F6B

OPENSUSE-SU-2025:20091-1

SUSE-SU-2025:21040-1

SUSE-SU-2025:21052-1

SUSE-SU-2025:21056-1

SUSE-SU-2025:21064-1

SUSE-SU-2025:21080-1

SUSE-SU-2025:21147-1

SUSE-SU-2025:21180-1

SUSE-SU-2025:4057-1

SUSE-SU-2025:4128-1

SUSE-SU-2025:4132-1

SUSE-SU-2025:4140-1

SUSE-SU-2025:4141-1

SUSE-SU-2025:4301-1

Affected Products

Debian

Linux Kernel

Suse

CVE-2025-40005

Weakness Enumeration

Related Identifiers

Affected Products

References · 1066