VDB

CVE-2025-39921

CVE-2025-39921 PUBLISHED CVSS 5.5 MEDIUM

In the Linux kernel, the following vulnerability has been resolved: spi: microchip-core-qspi: stop checking viability of op->max_freq in supports_op callback In commit 13529647743d9 ("spi: microchip-core-qspi: Support per spi-mem operation frequency switches") the logic for checking the viability of op->max_freq in mchp_coreqspi_setup_clock() was copied into mchp_coreqspi_supports_op(). Unfortunately, op->max_freq is not valid when this function is called during probe but is instead zero. Accordingly, baud_rate_val is calculated to be INT_MAX due to division by zero, causing probe of the attached memory device to fail. Seemingly spi-microchip-core-qspi was the only driver that had such a modification made to its supports_op callback when the per_op_freq capability was added, so just remove it to restore prior functionality.

EPSS 0.02% · 6.9th percentile

Risk Scores

CVSS 3.1
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
EPSS Score
0.02%
6.9th percentile

Affected Products

VendorProductVersions
LinuxLinux13529647743d906ed3cf991f1d77727e7ff1fb6f, 6.14, 0
linuxlinux_kernel6.14, 6.14, 6.14

Timeline

  • Jan 21, 1970 Security Advisory
  • Oct 1, 2025 EPSS Score
  • Oct 1, 2025 CVE Published
  • Oct 4, 2025 Coalition ESS Score
  • Oct 6, 2025 Coalition ESS Score
  • Oct 8, 2025 EPSS Score
  • Oct 12, 2025 PoC Published
  • Oct 14, 2025 EPSS Score
  • Oct 21, 2025 EPSS Score
  • Oct 26, 2025 Coalition ESS Score
  • Oct 27, 2025 EPSS Score
  • Nov 3, 2025 EPSS Score
Open in Interactive Console →
$ Console Community · 100/wk Open console ›