DEBIAN-CVE-2025-71199
In the Linux kernel, the following vulnerability has been resolved: iio: adc: at91-sama5d2_adc: Fix potential use-after-free in sama5d2_adc driver at91_adc_interrupt can call at91_adc_touch_data_handler function to start the work by schedule_work(&st->touch_st.workq). If we remove the module which will call at91_adc_remove to make cleanup, it will free indio_dev through iio_device_unregister but quite a bit later. While the work mentioned above will be used. The sequence of operations that may lead to a UAF bug is as follows: CPU0 CPU1 | at91_adc_workq_handler at91_adc_remove | iio_device_unregister(indio_dev) | //free indio_dev a bit later | | iio_push_to_buffers(indio_dev) | //use indio_dev Fix it by ensuring that the work is canceled before proceeding with the cleanup in at91_adc_remove.
Risk Scores
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Debian:11 | linux-6.1 | *, 6.1.159-1, 6.1.158-1 |
| Debian:12 | linux | 6.1.27-1, 6.1.90-1, 6.1.67-1 |
| Debian:11 | linux | 5.10.113-1, 5.10.106-1, 5.10.103-1~bpo10+1 |
| Debian:13 | linux | 0, 6.12.41-1, 6.12.43-1 |
| Debian:14 | linux | 6.17.7-1, 6.17.6-1, 6.17.5-1 |
Exploit Intelligence
- 4081.3.7.yml (github-poc)
Timeline
- Feb 4, 2026 CVE Published
- Apr 28, 2026 CVE Updated