CVE-2025-37896: 
Linux Ubuntu vulnerability analysis and mitigation

A vulnerability (CVE-2025-37896) was identified in the Linux kernel affecting SPI flash memory operations. The issue was discovered and disclosed on May 20, 2025, specifically impacting the handling of zero dummy bytes in certain SPI flash memory operations, particularly affecting Winbond SPINAND flash memory devices during writecache and updatecache operations (Wiz Security, Red Hat Security).

The vulnerability manifests as a divide error in the spimemcalcopduration() function when handling zero dummy bytes in SPI flash memory operations. This specifically occurs during the calculation of 'ncycles' for operations where dummy bytes are not mandatory. The issue has been assigned a CVSS v3.1 score of 7.0, with the vector string CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H (Red Hat Security).

When exploited, the vulnerability triggers a kernel Oops condition with the message 'divide error: 0000 [#1] PREEMPT SMP NOPTI', potentially affecting system stability and operation. This particularly impacts systems using Winbond SPINAND flash memory devices during specific operations (Wiz Security).

The vulnerability has been patched by adding changes to skip the 'ncycles' calculation for zero dummy bytes in the spimemcalcopduration() function. Systems should be updated with the patched version of the Linux kernel to resolve this issue (Red Hat Security).