CVE-2025-71299

🔶 medium

Summary

Description

In the Linux kernel, the following vulnerability has been resolved:

spi: cadence-quadspi: Parse DT for flashes with the rest of the DT parsing

The recent refactoring of where runtime PM is enabled done in commit
f1eb4e792bb1 ("spi: spi-cadence-quadspi: Enable pm runtime earlier to
avoid imbalance") made the fact that when we do a pm_runtime_disable()
in the error paths of probe() we can trigger a runtime disable which in
turn results in duplicate clock disables. This is particularly likely
to happen when there is missing or broken DT description for the flashes
attached to the controller.

Early on in the probe function we do a pm_runtime_get_noresume() since
the probe function leaves the device in a powered up state but in the
error path we can't assume that PM is enabled so we also manually
disable everything, including clocks. This means that when runtime PM is
active both it and the probe function release the same reference to the
main clock for the IP, triggering warnings from the clock subsystem:

[ 8.693719] clk:75:7 already disabled
[ 8.693791] WARNING: CPU: 1 PID: 185 at /usr/src/kernel/drivers/clk/clk.c:1188 clk_core_disable+0xa0/0xb
...
[ 8.694261] clk_core_disable+0xa0/0xb4 (P)
[ 8.694272] clk_disable+0x38/0x60
[ 8.694283] cqspi_probe+0x7c8/0xc5c [spi_cadence_quadspi]
[ 8.694309] platform_probe+0x5c/0xa4

Dealing with this issue properly is complicated by the fact that we
don't know if runtime PM is active so can't tell if it will disable the
clocks or not. We can, however, sidestep the issue for the flash
descriptions by moving their parsing to when we parse the controller
properties which also save us doing a bunch of setup which can never be
used so let's do that.

CVSS Score

5.5

Medium

EPSS Score

0.0

Exploit Probability

Published Date

2026-05-08

First Seen: 2026-05-10

📊 Relative Risk Intelligence

This CVE is Lower Risk - more severe than 32.6% of all 321,566 vulnerabilities in our database.

#216,619

Below average severity

Severity Percentile

Last Modified 2026-05-14

Source NVD 🔗

CVSS Vector 3.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Vendor	Product	Status	Affected Versions
linux	linux_kernel	Affected	> 6.17.11 < 6.18
linux	linux_kernel	Affected	> 6.18.1 < 6.18.16
linux	linux_kernel	Affected	> 6.19 < 6.19.6
linux	linux_kernel	Affected	v6.18

CVE-2025-71299

Summary

Description

📊 Relative Risk Intelligence

📦 Affected Products 4

🔗 References 3

🔗 Related CVEs 6

CVE ID	Severity	CVSS	Summary	Published
CVE-2026-43500	⚠️ high	7.8	In the Linux kernel, the following vulnerability has been resolved: rxrpc: Also unshare DATA/RESPONSE packets when page...	2026-05-11
CVE-2026-43284	⚠️ high	8.8	In the Linux kernel, the following vulnerability has been resolved: xfrm: esp: avoid in-place decrypt on shared skb fra...	2026-05-08
CVE-2025-71296	🔶 medium	5.5	In the Linux kernel, the following vulnerability has been resolved: drm/tests: shmem: Hold reservation lock around purg...	2026-05-08
CVE-2025-71297	🔶 medium	5.5	In the Linux kernel, the following vulnerability has been resolved: wifi: rtw88: 8822b: Avoid WARNING in rtw8822b_confi...	2026-05-08
CVE-2025-71298	🔶 medium	5.5	In the Linux kernel, the following vulnerability has been resolved: drm/tests: shmem: Hold reservation lock around madv...	2026-05-08
CVE-2025-71300	🔶 medium	5.5	In the Linux kernel, the following vulnerability has been resolved: Revert "arm64: zynqmp: Add an OP-TEE node to the de...	2026-05-08