CVE-2025-71199
- Source
- https://cve.org/CVERecord?id=CVE-2025-71199
- Import Source
- https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-71199.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/CVE-2025-71199
- Downstream
- Related
- Published
- 2026-02-04T16:07:34.062Z
- Modified
- 2026-03-24T08:59:20.050693Z
- Summary
- iio: adc: at91-sama5d2_adc: Fix potential use-after-free in sama5d2_adc driver
- Details
-
In the Linux kernel, the following vulnerability has been resolved:
iio: adc: at91-sama5d2adc: Fix potential use-after-free in sama5d2adc driver
at91adcinterrupt can call at91adctouchdatahandler function to start the work by schedulework(&st->touchst.workq).
If we remove the module which will call at91adcremove to make cleanup, it will free indiodev through iiodevice_unregister but quite a bit later. While the work mentioned above will be used. The sequence of operations that may lead to a UAF bug is as follows:
CPU0 CPU1
| at91_adc_workq_handlerat91adcremove | iiodeviceunregister(indiodev) | //free indiodev a bit later | | iiopushtobuffers(indiodev) | //use indio_dev
Fix it by ensuring that the work is canceled before proceeding with the cleanup in at91adcremove.
- Database specific
{ "cna_assigner": "Linux", "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/71xxx/CVE-2025-71199.json" }- References
-
- https://git.kernel.org/stable/c/4c83dd62595ee7b7c9298a4d19a256b6647e7240
- https://git.kernel.org/stable/c/919d176b05776c7ede79c36744c823a07d631617
- https://git.kernel.org/stable/c/9795fe80976f8c31cafda7d44edfc0f532d1f7c4
- https://git.kernel.org/stable/c/d7b6fc224c7f5d6d8adcb18037138d3cfe2bbdfe
- https://git.kernel.org/stable/c/d890234a91570542c228a20f132ce74f9fedd904
- https://git.kernel.org/stable/c/dbdb442218cd9d613adeab31a88ac973f22c4873
- https://git.kernel.org/stable/c/fdc8c835c637a3473878d1e7438c77ab8928af63
- https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/71xxx/CVE-2025-71199.json
- https://nvd.nist.gov/vuln/detail/CVE-2025-71199
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Affected packages
Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Affected ranges
- Type
- GIT
- Repo
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- Events
-
Introduced23ec2774f1cc168b1f32a2e0ed2709cb473bb94eFixed4c83dd62595ee7b7c9298a4d19a256b6647e7240Fixedfdc8c835c637a3473878d1e7438c77ab8928af63Fixed919d176b05776c7ede79c36744c823a07d631617Fixed9795fe80976f8c31cafda7d44edfc0f532d1f7c4Fixedd7b6fc224c7f5d6d8adcb18037138d3cfe2bbdfeFixedd890234a91570542c228a20f132ce74f9fedd904Fixeddbdb442218cd9d613adeab31a88ac973f22c4873
Linux / Kernel
Package
- Name
- Kernel
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced4.19.0Fixed5.10.249
- Type
- ECOSYSTEM
- Events
-
Introduced5.11.0Fixed5.15.199
- Type
- ECOSYSTEM
- Events
-
Introduced5.16.0Fixed6.1.162
- Type
- ECOSYSTEM
- Events
-
Introduced6.2.0Fixed6.6.122
- Type
- ECOSYSTEM
- Events
-
Introduced6.7.0Fixed6.12.68
- Type
- ECOSYSTEM
- Events
-
Introduced6.13.0Fixed6.18.8