← Back

CVE-2025-71075

nvd nist
Published: Jan 13, 2026Modified: Jun 17, 2026

JSON object

Loading...
7.8
Vector
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Exploitability: 1.8 / Impact: 5.9
Source: NVD

Description

In the Linux kernel, the following vulnerability has been resolved: scsi: aic94xx: fix use-after-free in device removal path The asd_pci_remove() function fails to synchronize with pending tasklets before freeing the asd_ha structure, leading to a potential use-after-free vulnerability. When a device removal is triggered (via hot-unplug or module unload), race condition can occur. The fix adds tasklet_kill() before freeing the asd_ha structure, ensuring all scheduled tasklets complete before cleanup proceeds.

Affected (15)

Products: Linux: Linux Kernel
1 product
Linux Kernel
Configuration A
15 vulnerable
Vulnerable SoftwareAffected Versions
Linux
From 2.6.19.1 to 5.10.248
From 5.11 to 5.15.198
From 5.16 to 6.1.160
From 6.13 to 6.18.3
From 6.2 to 6.6.120
From 6.7 to 6.12.64
Version 2.6.19
Version 6.19 rc1
Version 6.19 rc2
Version 6.19 rc3
Version 6.19 rc4
Version 6.19 rc5
Version 6.19 rc6
Version 6.19 rc7
Version 6.19 rc8

References (7)

Source: 416baaa9-dc9f-4396-8d5f-8c081fb06d67
Patch
Source: 416baaa9-dc9f-4396-8d5f-8c081fb06d67
Patch
Source: 416baaa9-dc9f-4396-8d5f-8c081fb06d67
Patch
Source: 416baaa9-dc9f-4396-8d5f-8c081fb06d67
Patch
Source: 416baaa9-dc9f-4396-8d5f-8c081fb06d67
Patch
Source: 416baaa9-dc9f-4396-8d5f-8c081fb06d67
Patch
Source: 416baaa9-dc9f-4396-8d5f-8c081fb06d67
Patch

Timeline

No history available yet.