Unrated severityNVD Advisory· Published Oct 1, 2025· Updated Jan 14, 2026
spi: spi-qpic-snand: unregister ECC engine on probe error and device remove
CVE-2025-39893
Description
In the Linux kernel, the following vulnerability has been resolved:
spi: spi-qpic-snand: unregister ECC engine on probe error and device remove
The on-host hardware ECC engine remains registered both when the spi_register_controller() function returns with an error and also on device removal.
Change the qcom_spi_probe() function to unregister the engine on the error path, and add the missing unregistering call to qcom_spi_remove() to avoid possible use-after-free issues.
Affected products
2Patches
Vulnerability mechanics
References
2News mentions
0No linked articles in our index yet.