{"dataType":"CVE_RECORD","dataVersion":"5.2","cveMetadata":{"cveId":"CVE-2025-71199","assignerOrgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","state":"PUBLISHED","assignerShortName":"Linux","dateReserved":"2026-01-31T11:36:51.192Z","datePublished":"2026-02-04T16:07:34.062Z","dateUpdated":"2026-05-11T21:56:34.681Z"},"containers":{"cna":{"providerMetadata":{"orgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","shortName":"Linux","dateUpdated":"2026-05-11T21:56:34.681Z"},"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\niio: adc: at91-sama5d2_adc: Fix potential use-after-free in sama5d2_adc driver\n\nat91_adc_interrupt can call at91_adc_touch_data_handler function\nto start the work by schedule_work(&st->touch_st.workq).\n\nIf we remove the module which will call at91_adc_remove to\nmake cleanup, it will free indio_dev through iio_device_unregister but\nquite a bit later. While the work mentioned above will be used. The\nsequence of operations that may lead to a UAF bug is as follows:\n\nCPU0                                      CPU1\n\n                                     | at91_adc_workq_handler\nat91_adc_remove                      |\niio_device_unregister(indio_dev)     |\n//free indio_dev a bit later         |\n                                     | iio_push_to_buffers(indio_dev)\n                                     | //use indio_dev\n\nFix it by ensuring that the work is canceled before proceeding with\nthe cleanup in at91_adc_remove."}],"affected":[{"product":"Linux","vendor":"Linux","defaultStatus":"unaffected","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","programFiles":["drivers/iio/adc/at91-sama5d2_adc.c"],"versions":[{"version":"23ec2774f1cc168b1f32a2e0ed2709cb473bb94e","lessThan":"4c83dd62595ee7b7c9298a4d19a256b6647e7240","status":"affected","versionType":"git"},{"version":"23ec2774f1cc168b1f32a2e0ed2709cb473bb94e","lessThan":"fdc8c835c637a3473878d1e7438c77ab8928af63","status":"affected","versionType":"git"},{"version":"23ec2774f1cc168b1f32a2e0ed2709cb473bb94e","lessThan":"919d176b05776c7ede79c36744c823a07d631617","status":"affected","versionType":"git"},{"version":"23ec2774f1cc168b1f32a2e0ed2709cb473bb94e","lessThan":"9795fe80976f8c31cafda7d44edfc0f532d1f7c4","status":"affected","versionType":"git"},{"version":"23ec2774f1cc168b1f32a2e0ed2709cb473bb94e","lessThan":"d7b6fc224c7f5d6d8adcb18037138d3cfe2bbdfe","status":"affected","versionType":"git"},{"version":"23ec2774f1cc168b1f32a2e0ed2709cb473bb94e","lessThan":"d890234a91570542c228a20f132ce74f9fedd904","status":"affected","versionType":"git"},{"version":"23ec2774f1cc168b1f32a2e0ed2709cb473bb94e","lessThan":"dbdb442218cd9d613adeab31a88ac973f22c4873","status":"affected","versionType":"git"}]},{"product":"Linux","vendor":"Linux","defaultStatus":"affected","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","programFiles":["drivers/iio/adc/at91-sama5d2_adc.c"],"versions":[{"version":"4.19","status":"affected"},{"version":"0","lessThan":"4.19","status":"unaffected","versionType":"semver"},{"version":"5.10.249","lessThanOrEqual":"5.10.*","status":"unaffected","versionType":"semver"},{"version":"5.15.199","lessThanOrEqual":"5.15.*","status":"unaffected","versionType":"semver"},{"version":"6.1.162","lessThanOrEqual":"6.1.*","status":"unaffected","versionType":"semver"},{"version":"6.6.122","lessThanOrEqual":"6.6.*","status":"unaffected","versionType":"semver"},{"version":"6.12.68","lessThanOrEqual":"6.12.*","status":"unaffected","versionType":"semver"},{"version":"6.18.8","lessThanOrEqual":"6.18.*","status":"unaffected","versionType":"semver"},{"version":"6.19","lessThanOrEqual":"*","status":"unaffected","versionType":"original_commit_for_fix"}]}],"cpeApplicability":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.19","versionEndExcluding":"5.10.249"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.19","versionEndExcluding":"5.15.199"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.19","versionEndExcluding":"6.1.162"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.19","versionEndExcluding":"6.6.122"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.19","versionEndExcluding":"6.12.68"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.19","versionEndExcluding":"6.18.8"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.19","versionEndExcluding":"6.19"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/4c83dd62595ee7b7c9298a4d19a256b6647e7240"},{"url":"https://git.kernel.org/stable/c/fdc8c835c637a3473878d1e7438c77ab8928af63"},{"url":"https://git.kernel.org/stable/c/919d176b05776c7ede79c36744c823a07d631617"},{"url":"https://git.kernel.org/stable/c/9795fe80976f8c31cafda7d44edfc0f532d1f7c4"},{"url":"https://git.kernel.org/stable/c/d7b6fc224c7f5d6d8adcb18037138d3cfe2bbdfe"},{"url":"https://git.kernel.org/stable/c/d890234a91570542c228a20f132ce74f9fedd904"},{"url":"https://git.kernel.org/stable/c/dbdb442218cd9d613adeab31a88ac973f22c4873"}],"title":"iio: adc: at91-sama5d2_adc: Fix potential use-after-free in sama5d2_adc driver","x_generator":{"engine":"bippy-1.2.0"}}}}