CVE-2025-71075
Published: Jan 13, 2026
Modified: May 11, 2026
Description
In the Linux kernel, the following vulnerability has been resolved: scsi: aic94xx: fix use-after-free in device removal path The asd_pci_remove() function fails to synchronize with pending tasklets before freeing the asd_ha structure, leading to a potential use-after-free vulnerability. When a device removal is triggered (via hot-unplug or module unload), race condition can occur. The fix adds tasklet_kill() before freeing the asd_ha structure, ensuring all scheduled tasklets complete before cleanup proceeds.
| Vendor | Product | Versions |
|---|---|---|
Linux | Linux | affected 2908d778ab3e244900c310974e1fc1c69066e450 - < c8f6f88cd1df35155258285c4f43268b361819dfaffected 2908d778ab3e244900c310974e1fc1c69066e450 - < 278455a82245a572aeb218a6212a416a98e418deaffected 2908d778ab3e244900c310974e1fc1c69066e450 - < b3e655e52b98a1d3df41c8e42035711e083099f8affected 2908d778ab3e244900c310974e1fc1c69066e450 - < e354793a7ab9bb0934ea699a9d57bcd1b48fc27baffected 2908d778ab3e244900c310974e1fc1c69066e450 - < a41dc180b6e1229ae49ca290ae14d82101c148c3+2 more versions |
Linux | Linux | affected 2.6.19unaffected 0 - < 2.6.19unaffected 5.10.248 - <= 5.10.*unaffected 5.15.198 - <= 5.15.*unaffected 6.1.160 - <= 6.1.*+4 more versions |
References
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now