CVE-2025-39893

Published: Oct 1, 2025

Modified: May 11, 2026

PUBLISHED

Description

In the Linux kernel, the following vulnerability has been resolved: spi: spi-qpic-snand: unregister ECC engine on probe error and device remove The on-host hardware ECC engine remains registered both when the spi_register_controller() function returns with an error and also on device removal. Change the qcom_spi_probe() function to unregister the engine on the error path, and add the missing unregistering call to qcom_spi_remove() to avoid possible use-after-free issues.

Vendor	Product	Versions
Linux	Linux	affected `7304d1909080ef0c9da703500a97f46c98393fcd - < e4de48e66af17547727bb2e4b1867952817edff7` affected `7304d1909080ef0c9da703500a97f46c98393fcd - < 1991a458528588ff34e98b6365362560d208710f`
Linux	Linux	affected `6.15` unaffected `0 - < 6.15` unaffected `6.16.6 - <= 6.16.` unaffected `6.17 - <= `

References

https://git.kernel.org/stable/c/e4de48e66af17547727bb2e4b1867952817edff7

https://git.kernel.org/stable/c/1991a458528588ff34e98b6365362560d208710f

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2025-39893

Description

Affected Products

References