Primary

Context

Linux Kernel SPI QPIC SNAND ECC Engine Unregistration Vulnerability

Vulnerability

Patched

A vulnerability exists in the Linux kernel's SPI QPIC SNAND driver, where the on-host hardware ECC engine remains registered during error conditions and device removal. This oversight can lead to use-after-free issues. The vulnerability has been addressed by modifying the probe function to properly unregister the ECC engine on errors and adding the missing unregistration call during device removal.

Impact

The vulnerability could cause use-after-free issues, potentially leading to memory corruption or exploitation.

Added: Oct 1, 2025, 8:51 AM

Updated: Oct 1, 2025, 8:51 AM

Vulnerability Rating

Custom Algorithm

spread

9.0

impact

0.0

exploitability

4.0

remediation

7.7

relevance

0.6

threat

3.2

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

9.0

impact

0.0

exploitability

4.0

remediation

7.7

relevance

0.6

threat

3.2

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Linux Kernel SPI QPIC SNAND ECC Engine Unregistration Vulnerability

Vulnerability

Impact

Affected Products

Linux kernel

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating