Main Vulnerability Database SB20251226276

SB20251226276 - Improper error handling in Linux kernel spi driver

Published: December 26, 2025

Security Bulletin ID SB20251226276

Severity

Low

Patch available

YES

Number of vulnerabilities 1

Exploitation vector Local access

Highest impact Denial of service

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 1 security vulnerability.

1) Improper error handling (CVE-ID: CVE-2025-68746)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper error handling within the tegra_qspi_handle_error(), tegra_qspi_combined_seq_xfer(), tegra_qspi_non_combined_seq_xfer(), handle_cpu_based_xfer() and tegra_qspi_isr_thread() functions in drivers/spi/spi-tegra210-quad.c. A local user can perform a denial of service (DoS) attack.

Remediation

Install update from vendor's website.

References

https://git.kernel.org/stable/c/01bbf25c767219b14c3235bfa85906b8d2cb8fbc
https://git.kernel.org/stable/c/551060efb156c50fe33799038ba8145418cfdeef
https://git.kernel.org/stable/c/b4e002d8a7cee3b1d70efad0e222567f92a73000
https://git.kernel.org/stable/c/bb0c58be84f907285af45657c1d4847b960a12bf