CVE-2025-39893 — Vulnetix

Try Vulnetix Request Demo

CVE-2025-39893 PUBLISHED CVSS 9.300000190734863 CRITICAL

In the Linux kernel, the following vulnerability has been resolved: spi: spi-qpic-snand: unregister ECC engine on probe error and device remove The on-host hardware ECC engine remains registered both when the spi_register_controller() function returns with an error and also on device removal. Change the qcom_spi_probe() function to unregister the engine on the error path, and add the missing unregistering call to qcom_spi_remove() to avoid possible use-after-free issues.

EPSS 0.02% · 4.7th percentile

Risk Scores

CVSS v4.0

9.300000190734863

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

EPSS Score

0.02%

4.7th percentile

Affected Products

Vendor	Product	Versions
linux	linux_kernel	6.17, 6.15, 6.17
Linux	Linux	7304d1909080ef0c9da703500a97f46c98393fcd, 6.15, 0

Timeline

Jan 21, 1970 Security Advisory
Oct 1, 2025 EPSS Score
Oct 1, 2025 CVE Published
Oct 2, 2025 Coalition ESS Score
Oct 4, 2025 Coalition ESS Score
Oct 6, 2025 Coalition ESS Score
Oct 7, 2025 EPSS Score
Oct 12, 2025 PoC Published
Oct 13, 2025 EPSS Score
Oct 13, 2025 Coalition ESS Score
Oct 19, 2025 EPSS Score
Oct 25, 2025 EPSS Score

References

Open in Interactive Console →