[SRU][N][PATCH v2 0/1] CVE-2025-37801
Alessio Faina
alessio.faina at canonical.com
Thu Oct 16 12:53:14 UTC 2025
https://ubuntu.com/security/CVE-2025-37801
[ Impact ]
spi: spi-imx: Add check for spi_imx_setupxfer()
Add check for the return value of spi_imx_setupxfer().
spi_imx->rx and spi_imx->tx function pointer can be NULL when
spi_imx_setupxfer() return error, and make NULL pointer dereference.
Unable to handle kernel NULL pointer dereference at virtual address 0000000000000000
Call trace:
0x0
spi_imx_pio_transfer+0x50/0xd8
spi_imx_transfer_one+0x18c/0x858
spi_transfer_one_message+0x43c/0x790
__spi_pump_transfer_message+0x238/0x5d4
__spi_sync+0x2b0/0x454
spi_write_then_read+0x11c/0x200
[ Fix ]
Introduce a check for the spi_imx_setupxfer function; if the function
failed to setup the transfer, exit and do not use a potential NULL pointer.
[ Test Plan ]
Compiled and boot tested only.
[ Regression Potential ]
No regression potential, introducing only a NULL pointer check.
v2: Fixed the "cherry pick" tag in patch 1/1
Tamura Dai (1):
spi: spi-imx: Add check for spi_imx_setupxfer()
drivers/spi/spi-imx.c | 5 ++++-
1 file changed, 4 insertions(+), 1 deletion(-)
--
2.43.0
More information about the kernel-team
mailing list