CVE-2025-71199
Published: Feb 4, 2026
Modified: May 11, 2026
Description
In the Linux kernel, the following vulnerability has been resolved:

iio: adc: at91-sama5d2_adc: Fix potential use-after-free in sama5d2_adc driver

at91_adc_interrupt can call at91_adc_touch_data_handler function to start the work by schedule_work(&st->touch_st.workq).

If we remove the module which will call at91_adc_remove to make cleanup, it will free indio_dev through iio_device_unregister but quite a bit later. While the work mentioned above will be used. The sequence of operations that may lead to a UAF bug is as follows:

```
CPU0                                 CPU1

                                     | at91_adc_workq_handler
at91_adc_remove                      |
iio_device_unregister(indio_dev)     |
//free indio_dev a bit later         |
                                     | iio_push_to_buffers(indio_dev)
                                     | //use indio_dev
```

Fix it by ensuring that the work is canceled before proceeding with the cleanup in at91_adc_remove.
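The teardown ordering described above, replayed as a deterministic userspace model. This is an added example, not the driver's code or the upstream patch: every `model_*` name is hypothetical, the "free" is a flag rather than a real release, and the cancel step is modelled on the kernel's `cancel_work_sync()` semantics, which is an assumption because the description only says the work is canceled.

```c
#include <stdbool.h>

/* Userspace model constructed for illustration; all names are hypothetical. */
struct model_dev  { bool freed; int pushes; };
struct model_work { bool pending; struct model_dev *dev; };

static int stale_uses;  /* handler runs that touched a released device */

/* Stands in for schedule_work() called from the interrupt path. */
static void model_schedule_work(struct model_work *w) { w->pending = true; }

/* Stands in for at91_adc_workq_handler -> iio_push_to_buffers(indio_dev). */
static void model_handler(struct model_work *w)
{
    if (w->dev->freed)
        stale_uses++;       /* in the kernel this is the use-after-free */
    else
        w->dev->pushes++;
}

/* The workqueue thread getting CPU time: runs the item if still queued. */
static void model_run_pending(struct model_work *w)
{
    if (w->pending) { w->pending = false; model_handler(w); }
}

/* Models the "cancel" half of cancel_work_sync(); the real call also
 * waits for a handler that is already running, which this model omits. */
static void model_cancel_work_sync(struct model_work *w) { w->pending = false; }

/* Stands in for at91_adc_remove(); `fixed` selects the patched ordering. */
static void model_remove(struct model_work *w, bool fixed)
{
    if (fixed)
        model_cancel_work_sync(w);  /* cancel before any cleanup */
    w->dev->freed = true;           /* models indio_dev being released */
}

/* Replays the CPU0/CPU1 interleaving; returns the stale uses observed. */
int replay_teardown(bool fixed)
{
    struct model_dev dev = { false, 0 };
    struct model_work work = { false, &dev };

    stale_uses = 0;
    model_schedule_work(&work);     /* interrupt queues the touch work */
    model_remove(&work, fixed);     /* CPU0: module removal */
    model_run_pending(&work);       /* CPU1: worker runs afterwards */
    return stale_uses;
}
```

`replay_teardown(false)` reports one stale use and `replay_teardown(true)` reports none, which is the property to look for when reviewing other drivers' remove paths: every work item queued from an interrupt handler is cancelled before the object it dereferences is released.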
| Vendor | Product | Versions |
|---|---|---|
| Linux | Linux | affected `23ec2774f1cc168b1f32a2e0ed2709cb473bb94e - < 4c83dd62595ee7b7c9298a4d19a256b6647e7240`; affected `23ec2774f1cc168b1f32a2e0ed2709cb473bb94e - < fdc8c835c637a3473878d1e7438c77ab8928af63`; affected `23ec2774f1cc168b1f32a2e0ed2709cb473bb94e - < 919d176b05776c7ede79c36744c823a07d631617`; affected `23ec2774f1cc168b1f32a2e0ed2709cb473bb94e - < 9795fe80976f8c31cafda7d44edfc0f532d1f7c4`; affected `23ec2774f1cc168b1f32a2e0ed2709cb473bb94e - < d7b6fc224c7f5d6d8adcb18037138d3cfe2bbdfe`; +2 more versions |
| Linux | Linux | affected `4.19`; unaffected `0 - < 4.19`; unaffected `5.10.249 - <= 5.10.*`; unaffected `5.15.199 - <= 5.15.*`; unaffected `6.1.162 - <= 6.1.*`; +4 more versions |