APPLIED: [SRU][N][PATCH v2 0/1] CVE-2025-37801

[Stefan Bader]

On 16/10/2025 14:53, Alessio Faina wrote:
> https://ubuntu.com/security/CVE-2025-37801
> 
> [ Impact ]
> 
> spi: spi-imx: Add check for spi_imx_setupxfer()
> 
> Add check for the return value of spi_imx_setupxfer().
> spi_imx->rx and spi_imx->tx function pointer can be NULL when
> spi_imx_setupxfer() return error, and make NULL pointer dereference.
> 
>   Unable to handle kernel NULL pointer dereference at virtual address 0000000000000000
>   Call trace:
>    0x0
>    spi_imx_pio_transfer+0x50/0xd8
>    spi_imx_transfer_one+0x18c/0x858
>    spi_transfer_one_message+0x43c/0x790
>    __spi_pump_transfer_message+0x238/0x5d4
>    __spi_sync+0x2b0/0x454
>    spi_write_then_read+0x11c/0x200
> 
> [ Fix ]
> 
> Introduce a check for the spi_imx_setupxfer function; if the function
> failed to setup the transfer, exit and do not use a potential NULL pointer.
> 
> [ Test Plan ]
> 
> Compiled and boot tested only.
> 
> [ Regression Potential ]
> 
> No regression potential, introducing only a NULL pointer check.
> 
> v2: Fixed the "cherry pick" tag in patch 1/1
> 
> Tamura Dai (1):
>    spi: spi-imx: Add check for spi_imx_setupxfer()
> 
>   drivers/spi/spi-imx.c | 5 ++++-
>   1 file changed, 4 insertions(+), 1 deletion(-)
> 


Applied to noble:linux/master-next. Thanks.

-Stefan

-------------- next part --------------
A non-text attachment was scrubbed...
Name: OpenPGP_0xE8675DEECBEECEA3.asc
Type: application/pgp-keys
Size: 48643 bytes
Desc: OpenPGP public key
URL: <https://lists.ubuntu.com/archives/kernel-team/attachments/20251024/fe0a8f7e/attachment-0001.key>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: OpenPGP_signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: OpenPGP digital signature
URL: <https://lists.ubuntu.com/archives/kernel-team/attachments/20251024/fe0a8f7e/attachment-0001.sig>