VDB
CVE-2025-39893
CVE-2025-39893
PUBLISHED
CVSS 9.300000190734863 CRITICAL
In the Linux kernel, the following vulnerability has been resolved: spi: spi-qpic-snand: unregister ECC engine on probe error and device remove The on-host hardware ECC engine remains registered both when the spi_register_controller() function returns with an error and also on device removal. Change the qcom_spi_probe() function to unregister the engine on the error path, and add the missing unregistering call to qcom_spi_remove() to avoid possible use-after-free issues.
EPSS 0.02% · 5.7th percentile
Risk Scores
CVSS 4.0
9.300000190734863
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
EPSS Score
0.02%
5.7th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| linux | linux_kernel | 6.15, 6.17, 6.15 |
| Linux | Linux | 7304d1909080ef0c9da703500a97f46c98393fcd, 0, 6.17 |
Exploit Intelligence
- https://git.kernel.org/stable/c/e4de48e66af17547727bb2e4b1867952817edff7 (circl)
- https://git.kernel.org/stable/c/1991a458528588ff34e98b6365362560d208710f (circl)
- CVE-2025-38222.yara (github-yara)
- CVE-2025-38222.yara (github-yara)
- CVE-2025-38222.yara (github-yara)
- CVE-2025-38222.yara (github-yara)
- CVE-2025-38222.yara (github-yara)
- CVE-2025-38424.yara (github-yara)
- CVE-2025-38424.yara (github-yara)
- CVE-2025-38424.yara (github-yara)
…and 2 more exploits
Timeline
- Jan 21, 1970 Security Advisory
- Oct 1, 2025 EPSS Score
- Oct 1, 2025 CVE Published
- Oct 2, 2025 Coalition ESS Score
- Oct 4, 2025 Coalition ESS Score
- Oct 6, 2025 Coalition ESS Score
- Oct 8, 2025 EPSS Score
- Oct 12, 2025 PoC Published
- Oct 13, 2025 Coalition ESS Score
- Oct 14, 2025 EPSS Score
- Oct 21, 2025 EPSS Score
- Oct 27, 2025 EPSS Score