CISA-2025-39921
Reported by Linux · Published October 1, 2025
In the Linux kernel, the following vulnerability has been resolved: spi: microchip-core-qspi: stop checking viability of op->max_freq in supports_op callback In commit 13529647743d9 ("spi: microchip-core-qspi: Support per spi-mem operation frequency switches") the logic for checking the viability of op->max_freq in mchp_coreqspi_setup_clock() was copied into mchp_coreqspi_supports_op(). Unfortunately, op->max_freq is not valid when this function is called during probe but is instead zero. Accordingly, baud_rate_val is calculated to be INT_MAX due to division by zero, causing probe of the attached memory device to fail. Seemingly spi-microchip-core-qspi was the only driver that had such a modification made to its supports_op callback when the per_op_freq capability was added, so just remove it to restore prior functionality.
Risk Scores
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Linux | Linux | 13529647743d906ed3cf991f1d77727e7ff1fb6f, 13529647743d906ed3cf991f1d77727e7ff1fb6f |
| Linux | Linux | 6.14, 0, 6.16.6 |
| Linux | Linux | 6.14, 13529647743d906ed3cf991f1d77727e7ff1fb6f, 0 |
| linux | linux_kernel | 6.14, 6.14, 6.14 |
Timeline
- Oct 1, 2025 CVE Published
- Jan 14, 2026 CVE Updated