CVE-2025-39893

In the Linux kernel, the following vulnerability has been resolved:

spi: spi-qpic-snand: unregister ECC engine on probe error and device remove

The on-host hardware ECC engine remains registered both when
the spi_register_controller() function returns with an error
and also on device removal.

Change the qcom_spi_probe() function to unregister the engine
on the error path, and add the missing unregistering call to
qcom_spi_remove() to avoid possible use-after-free issues.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
UNKNOWN
---
LinuxCNA
---
---
Awaiting analysis
This vulnerability is currently awaiting analysis.
Base Score
CVSS 3.x
EPSS Score
Percentile: Unknown
References
https://git.kernel.org/stable/c/1991a458528588ff34e98b6365362560d208710f
https://git.kernel.org/stable/c/e4de48e66af17547727bb2e4b1867952817edff7