CVE-2025-71162

CVSS v3.1

7.8

High

Vector

AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)

Description A use-after-free issue exists in the Tegra ADMA driver when audio streams are terminated, particularly during XRUN conditions. The problem occurs when the DMA buffer is freed before the virtual channel completion tasklet finishes accessing it. This is due to a race condition where the buffer is freed by tegra adma terminate all() before the vchan complete() function can access it. The fix involves synchronizing the virtual channel completion by marking descriptors as terminated instead of freeing them and adding a callback tegra adma synchronize() that calls vchan synchronize() to kill pending tasklets and free terminated descriptors. Crash logs indicate a KASAN report of a use-after-free in vchan complete().

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Use After Free

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-416

Related Identifiers

BDU:2026-01117

CVE-2025-71162

ECHO-3B27-418F-B091

OPENSUSE-SU-2026:20287-1

SUSE-SU-2026:0447-1

SUSE-SU-2026:0472-1

SUSE-SU-2026:0587-1

SUSE-SU-2026:20477-1

SUSE-SU-2026:20498-1

SUSE-SU-2026:20555-1

SUSE-SU-2026:20599-1

SUSE-SU-2026:20615-1

SUSE-SU-2026:20845-1

SUSE-SU-2026:20876-1

USN-8034-1

USN-8034-2

USN-8180-1

USN-8180-2

USN-8180-3

USN-8180-4

USN-8180-5

USN-8180-6

USN-8186-1

USN-8188-1

USN-8243-1

USN-8275-1

USN-8278-1

USN-8289-1

USN-8296-1

USN-8297-1

Affected Products

Linuxmint

Linux Kernel

Tegra Adma

Ubuntu

CVE-2025-71162

Weakness Enumeration

Related Identifiers

Affected Products

References · 2190