CVE-2025-71075

Summary

In the Linux kernel, the following vulnerability has been resolved:

scsi: aic94xx: fix use-after-free in device removal path

The asd_pci_remove() function fails to synchronize with pending tasklets before freeing the asd_ha structure, leading to a potential use-after-free vulnerability.

When a device removal is triggered (via hot-unplug or module unload), race condition can occur.

The fix adds tasklet_kill() before freeing the asd_ha structure, ensuring all scheduled tasklets complete before cleanup proceeds.

Affected Software

VendorProductVersion RangeStatus
LinuxLinux2908d778ab3e244900c310974e1fc1c69066e450 < c8f6f88cd1df35155258285c4f43268b361819dfaffected
LinuxLinux2908d778ab3e244900c310974e1fc1c69066e450 < 278455a82245a572aeb218a6212a416a98e418deaffected
LinuxLinux2908d778ab3e244900c310974e1fc1c69066e450 < b3e655e52b98a1d3df41c8e42035711e083099f8affected
LinuxLinux2908d778ab3e244900c310974e1fc1c69066e450 < e354793a7ab9bb0934ea699a9d57bcd1b48fc27baffected
LinuxLinux2908d778ab3e244900c310974e1fc1c69066e450 < a41dc180b6e1229ae49ca290ae14d82101c148c3affected
LinuxLinux2908d778ab3e244900c310974e1fc1c69066e450 < 751c19635c2bfaaf2836a533caa3663633066dcfaffected
LinuxLinux2908d778ab3e244900c310974e1fc1c69066e450 < f6ab594672d4cba08540919a4e6be2e202b60007affected
LinuxLinux2.6.19affected
LinuxLinux0 < 2.6.19unaffected
LinuxLinux5.10.248 <= 5.10.*unaffected
LinuxLinux5.15.198 <= 5.15.*unaffected
LinuxLinux6.1.160 <= 6.1.*unaffected
LinuxLinux6.6.120 <= 6.6.*unaffected
LinuxLinux6.12.64 <= 6.12.*unaffected
LinuxLinux6.18.3 <= 6.18.*unaffected
LinuxLinux6.19 <= *unaffected

Weaknesses

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References