Description

In the Linux kernel, the following vulnerability has been resolved:

iio: adc: at91-sama5d2_adc: Fix potential use-after-free in sama5d2_adc driver

at91_adc_interrupt can call at91_adc_touch_data_handler function to start the work by schedule_work(&st->touch_st.workq).

If we remove the module which will call at91_adc_remove to make cleanup, it will free indio_dev through iio_device_unregister but quite a bit later. While the work mentioned above will be used. The sequence of operations that may lead to a UAF bug is as follows:

    CPU0                                 CPU1

                                         | at91_adc_workq_handler
    at91_adc_remove                      |
    iio_device_unregister(indio_dev)     |
    //free indio_dev a bit later         |
                                         | iio_push_to_buffers(indio_dev)
                                         | //use indio_dev

Fix it by ensuring that the work is canceled before proceeding with the cleanup in at91_adc_remove.

PUBLISHED Reserved 2026-01-31 | Published 2026-02-04 | Updated 2026-02-09 | Assigner Linux

Product status

Default status
unaffected

23ec2774f1cc168b1f32a2e0ed2709cb473bb94e (git) before 4c83dd62595ee7b7c9298a4d19a256b6647e7240
affected

23ec2774f1cc168b1f32a2e0ed2709cb473bb94e (git) before fdc8c835c637a3473878d1e7438c77ab8928af63
affected

23ec2774f1cc168b1f32a2e0ed2709cb473bb94e (git) before 919d176b05776c7ede79c36744c823a07d631617
affected

23ec2774f1cc168b1f32a2e0ed2709cb473bb94e (git) before 9795fe80976f8c31cafda7d44edfc0f532d1f7c4
affected

23ec2774f1cc168b1f32a2e0ed2709cb473bb94e (git) before d7b6fc224c7f5d6d8adcb18037138d3cfe2bbdfe
affected

23ec2774f1cc168b1f32a2e0ed2709cb473bb94e (git) before d890234a91570542c228a20f132ce74f9fedd904
affected

23ec2774f1cc168b1f32a2e0ed2709cb473bb94e (git) before dbdb442218cd9d613adeab31a88ac973f22c4873
affected

Default status
affected

4.19
affected

Any version before 4.19
unaffected

5.10.249 (semver)
unaffected

5.15.199 (semver)
unaffected

6.1.162 (semver)
unaffected

6.6.122 (semver)
unaffected

6.12.68 (semver)
unaffected

6.18.8 (semver)
unaffected

6.19 (original_commit_for_fix)
unaffected

References

cve.org (CVE-2025-71199)

nvd.nist.gov (CVE-2025-71199)
