CVE-2025-37896 (GCVE-0-2025-37896)

Vulnerability from cvelistv5 – Published: 2025-05-20 15:21 – Updated: 2025-05-26 05:23
VLAI?
Summary
In the Linux kernel, the following vulnerability has been resolved: spi: spi-mem: Add fix to avoid divide error For some SPI flash memory operations, dummy bytes are not mandatory. For example, in Winbond SPINAND flash memory devices, the `write_cache` and `update_cache` operation variants have zero dummy bytes. Calculating the duration for SPI memory operations with zero dummy bytes causes a divide error when `ncycles` is calculated in the spi_mem_calc_op_duration(). Add changes to skip the 'ncylcles' calculation for zero dummy bytes. Following divide error is fixed by this change: Oops: divide error: 0000 [#1] PREEMPT SMP NOPTI ... ? do_trap+0xdb/0x100 ? do_error_trap+0x75/0xb0 ? spi_mem_calc_op_duration+0x56/0xb0 ? exc_divide_error+0x3b/0x70 ? spi_mem_calc_op_duration+0x56/0xb0 ? asm_exc_divide_error+0x1b/0x20 ? spi_mem_calc_op_duration+0x56/0xb0 ? spinand_select_op_variant+0xee/0x190 [spinand] spinand_match_and_init+0x13e/0x1a0 [spinand] spinand_manufacturer_match+0x6e/0xa0 [spinand] spinand_probe+0x357/0x7f0 [spinand] ? kernfs_activate+0x87/0xd0 spi_mem_probe+0x7a/0xb0 spi_probe+0x7d/0x130
Severity ?
No CVSS data available.
Assigner
References
Impacted products
Vendor Product Version
Linux Linux Affected: 226d6cb3cb799aae46d0dd19a521133997d9db11 , < 1915dbd67dadc0bb35670c8e28229baa29368d17 (git)
Affected: 226d6cb3cb799aae46d0dd19a521133997d9db11 , < 8e4d3d8a5e51e07bd0d6cdd81b5e4af79f796927 (git)
Create a notification for this product.
    Linux Linux Affected: 6.14
Unaffected: 0 , < 6.14 (semver)
Unaffected: 6.14.6 , ≤ 6.14.* (semver)
Unaffected: 6.15 , ≤ * (original_commit_for_fix)
Create a notification for this product.
Show details on NVD website
To clipboard 

{
  "containers": {
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "drivers/spi/spi-mem.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "1915dbd67dadc0bb35670c8e28229baa29368d17",
              "status": "affected",
              "version": "226d6cb3cb799aae46d0dd19a521133997d9db11",
              "versionType": "git"
            },
            {
              "lessThan": "8e4d3d8a5e51e07bd0d6cdd81b5e4af79f796927",
              "status": "affected",
              "version": "226d6cb3cb799aae46d0dd19a521133997d9db11",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "drivers/spi/spi-mem.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "6.14"
            },
            {
              "lessThan": "6.14",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.14.*",
              "status": "unaffected",
              "version": "6.14.6",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.15",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.14.6",
                  "versionStartIncluding": "6.14",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.15",
                  "versionStartIncluding": "6.14",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nspi: spi-mem: Add fix to avoid divide error\n\nFor some SPI flash memory operations, dummy bytes are not mandatory. For\nexample, in Winbond SPINAND flash memory devices, the `write_cache` and\n`update_cache` operation variants have zero dummy bytes. Calculating the\nduration for SPI memory operations with zero dummy bytes causes\na divide error when `ncycles` is calculated in the\nspi_mem_calc_op_duration().\n\nAdd changes to skip the \u0027ncylcles\u0027 calculation for zero dummy bytes.\n\nFollowing divide error is fixed by this change:\n\n Oops: divide error: 0000 [#1] PREEMPT SMP NOPTI\n...\n\n  ? do_trap+0xdb/0x100\n  ? do_error_trap+0x75/0xb0\n  ? spi_mem_calc_op_duration+0x56/0xb0\n  ? exc_divide_error+0x3b/0x70\n  ? spi_mem_calc_op_duration+0x56/0xb0\n  ? asm_exc_divide_error+0x1b/0x20\n  ? spi_mem_calc_op_duration+0x56/0xb0\n  ? spinand_select_op_variant+0xee/0x190 [spinand]\n  spinand_match_and_init+0x13e/0x1a0 [spinand]\n  spinand_manufacturer_match+0x6e/0xa0 [spinand]\n  spinand_probe+0x357/0x7f0 [spinand]\n  ? kernfs_activate+0x87/0xd0\n  spi_mem_probe+0x7a/0xb0\n  spi_probe+0x7d/0x130"
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-05-26T05:23:14.733Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/1915dbd67dadc0bb35670c8e28229baa29368d17"
        },
        {
          "url": "https://git.kernel.org/stable/c/8e4d3d8a5e51e07bd0d6cdd81b5e4af79f796927"
        }
      ],
      "title": "spi: spi-mem: Add fix to avoid divide error",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2025-37896",
    "datePublished": "2025-05-20T15:21:32.685Z",
    "dateReserved": "2025-04-16T04:51:23.964Z",
    "dateUpdated": "2025-05-26T05:23:14.733Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2025-37896\",\"sourceIdentifier\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"published\":\"2025-05-20T16:15:25.960\",\"lastModified\":\"2025-11-17T19:31:17.663\",\"vulnStatus\":\"Analyzed\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"In the Linux kernel, the following vulnerability has been resolved:\\n\\nspi: spi-mem: Add fix to avoid divide error\\n\\nFor some SPI flash memory operations, dummy bytes are not mandatory. For\\nexample, in Winbond SPINAND flash memory devices, the `write_cache` and\\n`update_cache` operation variants have zero dummy bytes. Calculating the\\nduration for SPI memory operations with zero dummy bytes causes\\na divide error when `ncycles` is calculated in the\\nspi_mem_calc_op_duration().\\n\\nAdd changes to skip the \u0027ncylcles\u0027 calculation for zero dummy bytes.\\n\\nFollowing divide error is fixed by this change:\\n\\n Oops: divide error: 0000 [#1] PREEMPT SMP NOPTI\\n...\\n\\n  ? do_trap+0xdb/0x100\\n  ? do_error_trap+0x75/0xb0\\n  ? spi_mem_calc_op_duration+0x56/0xb0\\n  ? exc_divide_error+0x3b/0x70\\n  ? spi_mem_calc_op_duration+0x56/0xb0\\n  ? asm_exc_divide_error+0x1b/0x20\\n  ? spi_mem_calc_op_duration+0x56/0xb0\\n  ? spinand_select_op_variant+0xee/0x190 [spinand]\\n  spinand_match_and_init+0x13e/0x1a0 [spinand]\\n  spinand_manufacturer_match+0x6e/0xa0 [spinand]\\n  spinand_probe+0x357/0x7f0 [spinand]\\n  ? kernfs_activate+0x87/0xd0\\n  spi_mem_probe+0x7a/0xb0\\n  spi_probe+0x7d/0x130\"},{\"lang\":\"es\",\"value\":\"En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: spi: spi-mem: Agregar correcci\u00f3n para evitar el error de divisi\u00f3n Para algunas operaciones de memoria flash SPI, los bytes ficticios no son obligatorios. Por ejemplo, en dispositivos de memoria flash Winbond SPINAND, las variantes de operaci\u00f3n `write_cache` y `update_cache` tienen cero bytes ficticios. Calcular la duraci\u00f3n de las operaciones de memoria SPI con cero bytes ficticios causa un error de divisi\u00f3n cuando se calcula `ncycles` en spi_mem_calc_op_duration(). Agregar cambios para omitir el c\u00e1lculo de \u0027ncylcles\u0027 para cero bytes ficticios. El siguiente error de divisi\u00f3n se corrige con este cambio: Oops: error de divisi\u00f3n: 0000 [#1] PREEMPT SMP NOPTI ... ? do_trap+0xdb/0x100 ? do_error_trap+0x75/0xb0 ? spi_mem_calc_op_duration+0x56/0xb0 ? Error de divisi\u00f3n de error de exc. +0x3b/0x70 ? Duraci\u00f3n de operaci\u00f3n de c\u00e1lculo de memoria spi +0x56/0xb0 ? Error de divisi\u00f3n de error de asm de exc. +0x1b/0x20 ? Duraci\u00f3n de operaci\u00f3n de c\u00e1lculo de memoria spi +0x56/0xb0 ? Variante de operaci\u00f3n de selecci\u00f3n de spinand +0xee/0x190 [spinand] Coincidencia de spinand e inicializaci\u00f3n +0x13e/0x1a0 [spinand] Coincidencia de fabricante de spinand +0x6e/0xa0 [spinand] Sonda de spinand +0x357/0x7f0 [spinand] ? Activaci\u00f3n de Kernfs +0x87/0xd0 Sonda de memoria spi +0x7a/0xb0 Sonda spi +0x7d/0x130\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H\",\"baseScore\":5.5,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":1.8,\"impactScore\":3.6}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-369\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"6.14\",\"versionEndExcluding\":\"6.14.6\",\"matchCriteriaId\":\"C53185CE-D40C-4BFC-A6DD-1F6F5B310EF4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:6.15:rc1:*:*:*:*:*:*\",\"matchCriteriaId\":\"8D465631-2980-487A-8E65-40AE2B9F8ED1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:6.15:rc2:*:*:*:*:*:*\",\"matchCriteriaId\":\"4C9D071F-B28E-46EC-AC61-22B913390211\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:6.15:rc3:*:*:*:*:*:*\",\"matchCriteriaId\":\"13FC0DDE-E513-465E-9E81-515702D49B74\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:6.15:rc4:*:*:*:*:*:*\",\"matchCriteriaId\":\"8C7B5B0E-4EEB-48F5-B4CF-0935A7633845\"}]}]}],\"references\":[{\"url\":\"https://git.kernel.org/stable/c/1915dbd67dadc0bb35670c8e28229baa29368d17\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/8e4d3d8a5e51e07bd0d6cdd81b5e4af79f796927\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]}]}}"
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.