In the Linux kernel, the following vulnerability has been resolved:

spi: tegra210-quad: Fix timeout handling

When the CPU that the QSPI interrupt handler runs on (typically CPU 0) is excessively busy, it can lead to rare cases of the IRQ thread not running before the transfer timeout is reached.

While handling the timeouts, any pending transfers are cleaned up and the message that they correspond to is marked as failed, which leaves the curr_xfer field pointing at stale memory.

To avoid this, clear curr_xfer to NULL upon timeout and check for this condition when the IRQ thread is finally run.

While at it, also make sure to clear interrupts on failure so that new interrupts can be run.

A better, more involved, fix would move the interrupt clearing into a hard IRQ handler. Ideally we would also want to signal that the IRQ thread no longer needs to be run after the timeout is hit to avoid the extra check for a valid transfer.
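The fix pattern described above, as an added example that is not code from the kernel or from this page: a sequential user-space C model in which the timeout path clears `curr_xfer` and pending interrupts, and a late IRQ thread checks for NULL before touching the transfer. Apart from `curr_xfer`, every name is hypothetical, and freeing the transfer during cleanup is an assumption; locking between the two paths is not modelled.

```c
/* Added user-space model; every name here is hypothetical, not driver code. */
#include <stdlib.h>

struct xfer { int len; int completed; };
struct qspi_model {
    struct xfer *curr_xfer;   /* transfer the IRQ thread expects to finish */
    unsigned int irq_pending; /* modelled interrupt status bits */
    int msg_failed;           /* message marked as failed by the timeout path */
};
enum irq_result { IRQ_XFER_DONE, IRQ_NO_XFER };

static void start_transfer(struct qspi_model *q, int len)
{
    q->curr_xfer = calloc(1, sizeof(*q->curr_xfer));
    if (q->curr_xfer)
        q->curr_xfer->len = len;
    q->irq_pending |= 1u;     /* constructed: hardware signals completion */
}

/* Timeout path: clean up, then apply both changes the description names. */
static void handle_timeout(struct qspi_model *q)
{
    q->msg_failed = 1;
    free(q->curr_xfer);       /* assumption: cleanup releases the transfer */
    q->curr_xfer = NULL;      /* no stale pointer is left behind */
    q->irq_pending = 0;       /* clear interrupts so new ones can be raised */
}

/* IRQ thread: may run late, after the timeout path has already finished. */
static enum irq_result irq_thread(struct qspi_model *q)
{
    q->irq_pending = 0;
    if (!q->curr_xfer)        /* timed out earlier: nothing to complete */
        return IRQ_NO_XFER;
    q->curr_xfer->completed = 1;
    free(q->curr_xfer);
    q->curr_xfer = NULL;
    return IRQ_XFER_DONE;
}

/* Returns 1 when the late IRQ thread is ignored safely after a timeout. */
static int late_irq_is_safe(void)
{
    struct qspi_model q = {0};
    start_transfer(&q, 64);
    handle_timeout(&q);
    return irq_thread(&q) == IRQ_NO_XFER && !q.curr_xfer && !q.irq_pending && q.msg_failed;
}

int main(void) { return late_irq_is_safe() ? 0 : 1; }
```

Without the NULL assignment in `handle_timeout`, the late `irq_thread` call would write through a freed pointer, which is the stale-memory access the description refers to.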
Conclusion & alert: CVE-2025-68746 is rated Low Risk (18.4/100): low exploitation likelihood (EPSS 0.06%). Mandatory action: Low composite risk—no urgent action required; patch on your normal maintenance cycle and revisit priority if CVSS or EPSS increases.
Risk is dynamic; we continuously reassess and refresh what is shown on this page as upstream context changes.
EPSS lead: Daily EPSS estimates relative likelihood of exploitation; percentile ranks this CVE among scored vulnerabilities (higher = more severe relative rank).
| # | Date | Old EPSS score | New EPSS score | Delta (New - Old) |
|---|---|---|---|---|
| 1 | 2026-06-03 | 0.04% | 0.06% | +0.01% |
| 2 | 2026-05-22 | 0.05% | 0.04% | -0.01% |
| 3 | 2026-02-18 | — | 0.05% | — |
Full EPSS history (4 records total)
CVSS metrics for this CVE.
No CVSS data in dataset for this CVE.
| vendor | priority | summary | link |
|---|---|---|---|
| debian | unimportant | CVE-2025-68746 unimportant priority: Debian including 2 source packages (linux, linux-6.1), 6 status rows across 5 suites (bookworm, bullseye, forky, sid, trixie): resolved 6. | https://security-tracker.debian.org/tracker/CVE-2025-68746 |
| redhat | low | — | https://access.redhat.com/security/cve/CVE-2025-68746 |
| suse | medium | CVE-2025-68746 severity moderate: SUSE including 477 source package names (13.2-9.1:libsystemd0-254.23-1.1, 13.2-9.1:libudev1-254.23-1.1, …), 1029 product×package rows across 185 product lines (Container suse/sl-micro/6.0/baremetal-os-container, Container suse/sl-micro/6.0/base-os-container, … (185 product lines)): Fixed 649, Known Affected 231, Known Not Affected 124, First Fixed 25. | https://www.suse.com/security/cve/CVE-2025-68746/ |
| ubuntu | medium | CVE-2025-68746 medium priority: Ubuntu including 157 source packages (linux, linux-allwinner-5.19, …), 1405 status rows across 9 suites (bionic, focal, jammy, noble, plucky, questing, trusty, upstream, xenial): DNE 1010, ignored 179, released 149, not-affected 46, pending 12, needed 9. | https://ubuntu.com/security/CVE-2025-68746 |
| Vendor | Product | Version | Raw CPE |
|---|---|---|---|
| No affected products in dataset. | | | |