CVE-2025-71199

Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)

Description The at91-sama5d2 adc driver in the Linux kernel contains a potential use-after-free issue. The at91 adc interrupt function can trigger the at91 adc touch data handler function, which schedules work via schedule work(&st->touch st.workq). Removing the module calls at91 adc remove, which frees the indio dev through iio device unregister at a later point. This can lead to a use-after-free condition if the scheduled work attempts to use the freed indio dev. The issue occurs due to a race condition between the module removal process and the execution of the scheduled work. Specifically, CPU0 can free indio dev while CPU1 is still using it within the iio push to buffers function. The problem is addressed by ensuring the work is canceled before proceeding with the cleanup in at91 adc remove.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.