CVE-2025-71199
Unknown Unknown - Not Provided
Use-After-Free in Linux at91-sama5d2_adc Driver Causes Memory Corruption

Publication date: 2026-02-04

Last updated on: 2026-02-06

Assigner: kernel.org

Description
In the Linux kernel, the following vulnerability has been resolved: iio: adc: at91-sama5d2_adc: Fix potential use-after-free in sama5d2_adc driver at91_adc_interrupt can call at91_adc_touch_data_handler function to start the work by schedule_work(&st->touch_st.workq). If we remove the module which will call at91_adc_remove to make cleanup, it will free indio_dev through iio_device_unregister but quite a bit later. While the work mentioned above will be used. The sequence of operations that may lead to a UAF bug is as follows: CPU0 CPU1 | at91_adc_workq_handler at91_adc_remove | iio_device_unregister(indio_dev) | //free indio_dev a bit later | | iio_push_to_buffers(indio_dev) | //use indio_dev Fix it by ensuring that the work is canceled before proceeding with the cleanup in at91_adc_remove.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-02-04
Last Modified
2026-02-06
Generated
2026-06-16
AI Q&A
2026-02-04
EPSS Evaluated
2026-06-14
NVD
CVE-2025-71199
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
at91 at91_sama5d2_adc *
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-UNKNOWN
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability is a potential use-after-free (UAF) bug in the Linux kernel's at91-sama5d2_adc driver. It occurs because the driver schedules work to be done asynchronously using schedule_work, but if the module is removed and cleanup begins, the device structure (indio_dev) is freed later while the scheduled work might still try to access it. This can lead to the work function using memory that has already been freed.

The issue arises from a race condition between two CPUs: one CPU initiates the removal and cleanup of the device, freeing the memory, while another CPU is still executing the work handler that accesses the now freed memory. The fix involves canceling the scheduled work before proceeding with the cleanup to prevent the use-after-free scenario.

Impact Analysis

This vulnerability can lead to undefined behavior such as system crashes, data corruption, or potential escalation of privileges due to the use-after-free condition in the kernel driver. Since it involves kernel memory management, exploitation could compromise system stability or security.

Compliance Impact

I don't know

Detection Guidance

I don't know

Mitigation Strategies

To mitigate this vulnerability, ensure that the Linux kernel version you are using includes the fix for the at91-sama5d2_adc driver. The fix involves canceling the scheduled work before proceeding with cleanup in the at91_adc_remove function to prevent use-after-free conditions.

If you are maintaining or compiling the kernel, update to a version where this issue is resolved. Avoid removing the at91-sama5d2_adc module without this fix applied.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-71199. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart