{
  "threat_severity" : "Moderate",
  "public_date" : "2025-10-20T00:00:00Z",
  "bugzilla" : {
    "description" : "kernel: spi: cadence-quadspi: Implement refcount to handle unbind during busy",
    "id" : "2405134",
    "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=2405134"
  },
  "cvss3" : {
    "cvss3_base_score" : "5.2",
    "cvss3_scoring_vector" : "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:L/I:L/A:H",
    "status" : "draft"
  },
  "cwe" : "CWE-664",
  "details" : [ "In the Linux kernel, the following vulnerability has been resolved:\nspi: cadence-quadspi: Implement refcount to handle unbind during busy\nThe driver supports indirect read and indirect write operations on the\nassumption that no forced device removal (unbind) takes place. However,\nforced device removal (removal) is still available to the root superuser.\nUnbinding the driver during operation causes a kernel crash. This change\nensures the driver is able to handle such an operation for indirect read and\nindirect write by implementing a refcount to track attached devices\nto the controller and gracefully waiting until the attached devices'\nremove operation has completed before proceeding with the removal operation.", "A flaw was found in the Linux kernel’s cadence-quadspi SPI controller driver. The driver did not implement reference counting when devices are bound/unbound, assuming that forced removals (“unbind”) will not happen while indirect read or write operations are ongoing. However, a root user can force device removal even during busy operations, and this can lead to a kernel crash." ],
  "package_state" : [ {
    "product_name" : "Red Hat Enterprise Linux 10",
    "fix_state" : "Affected",
    "package_name" : "kernel",
    "cpe" : "cpe:/o:redhat:enterprise_linux:10"
  }, {
    "product_name" : "Red Hat Enterprise Linux 6",
    "fix_state" : "Not affected",
    "package_name" : "kernel",
    "cpe" : "cpe:/o:redhat:enterprise_linux:6"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7",
    "fix_state" : "Not affected",
    "package_name" : "kernel",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7",
    "fix_state" : "Not affected",
    "package_name" : "kernel-rt",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8",
    "fix_state" : "Not affected",
    "package_name" : "kernel",
    "cpe" : "cpe:/o:redhat:enterprise_linux:8"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8",
    "fix_state" : "Not affected",
    "package_name" : "kernel-rt",
    "cpe" : "cpe:/o:redhat:enterprise_linux:8"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9",
    "fix_state" : "Not affected",
    "package_name" : "kernel",
    "cpe" : "cpe:/o:redhat:enterprise_linux:9"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9",
    "fix_state" : "Not affected",
    "package_name" : "kernel-rt",
    "cpe" : "cpe:/o:redhat:enterprise_linux:9"
  } ],
  "references" : [ "https://www.cve.org/CVERecord?id=CVE-2025-40005\nhttps://nvd.nist.gov/vuln/detail/CVE-2025-40005\nhttps://lore.kernel.org/linux-cve-announce/2025102000-CVE-2025-40005-b351@gregkh/T" ],
  "name" : "CVE-2025-40005",
  "mitigation" : {
    "value" : "Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
    "lang" : "en:us"
  },
  "csaw" : false
}