ACK: [SRU][N][PATCH v2 0/1] CVE-2025-37801
Tim Whisonant
tim.whisonant at canonical.com
Fri Oct 17 01:04:12 UTC 2025
On Thu, Oct 16, 2025 at 02:53:14PM +0200, Alessio Faina wrote:
> https://ubuntu.com/security/CVE-2025-37801
>
> [ Impact ]
>
> spi: spi-imx: Add check for spi_imx_setupxfer()
>
> Add check for the return value of spi_imx_setupxfer().
> spi_imx->rx and spi_imx->tx function pointer can be NULL when
> spi_imx_setupxfer() return error, and make NULL pointer dereference.
>
> Unable to handle kernel NULL pointer dereference at virtual address 0000000000000000
> Call trace:
> 0x0
> spi_imx_pio_transfer+0x50/0xd8
> spi_imx_transfer_one+0x18c/0x858
> spi_transfer_one_message+0x43c/0x790
> __spi_pump_transfer_message+0x238/0x5d4
> __spi_sync+0x2b0/0x454
> spi_write_then_read+0x11c/0x200
>
> [ Fix ]
>
> Introduce a check for the spi_imx_setupxfer function; if the function
> failed to setup the transfer, exit and do not use a potential NULL pointer.
>
> [ Test Plan ]
>
> Compiled and boot tested only.
>
> [ Regression Potential ]
>
> No regression potential, introducing only a NULL pointer check.
>
> v2: Fixed the "cherry pick" tag in patch 1/1
>
> Tamura Dai (1):
> spi: spi-imx: Add check for spi_imx_setupxfer()
>
> drivers/spi/spi-imx.c | 5 ++++-
> 1 file changed, 4 insertions(+), 1 deletion(-)
>
> --
> 2.43.0
>
Acked-by: Tim Whisonant <tim.whisonant at canonical.com>
More information about the kernel-team
mailing list