CVE-2025-71075

In the Linux kernel, the following vulnerability has been resolved: scsi: aic94xx: fix use-after-free in device removal path The asd_pci_remove() function fails to synchronize with pending tasklets before freeing the asd_ha structure, leading to a potential use-after-free vulnerability. When a device removal is triggered (via hot-unplug or module unload), race condition can occur. The fix adds tasklet_kill() before freeing the asd_ha structure, ensuring all scheduled tasklets complete before cleanup proceeds.

CVSS v3 7.8 HIGH

7.8^/10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 1.8 / Impact : 5.9

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://git.kernel.org/stable/c/278455a82245a572aeb218a6212a416a98e418de	Patch
https://git.kernel.org/stable/c/751c19635c2bfaaf2836a533caa3663633066dcf	Patch
https://git.kernel.org/stable/c/a41dc180b6e1229ae49ca290ae14d82101c148c3	Patch
https://git.kernel.org/stable/c/b3e655e52b98a1d3df41c8e42035711e083099f8	Patch
https://git.kernel.org/stable/c/c8f6f88cd1df35155258285c4f43268b361819df	Patch
https://git.kernel.org/stable/c/e354793a7ab9bb0934ea699a9d57bcd1b48fc27b	Patch
https://git.kernel.org/stable/c/f6ab594672d4cba08540919a4e6be2e202b60007	Patch

Configurations

Configuration 1 (hide)

OR	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel:2.6.19:-::::::
	cpe:2.3:o:linux:linux_kernel:6.19:rc1::::::
	cpe:2.3:o:linux:linux_kernel:6.19:rc2::::::
	cpe:2.3:o:linux:linux_kernel:6.19:rc3::::::
	cpe:2.3:o:linux:linux_kernel:6.19:rc4::::::
	cpe:2.3:o:linux:linux_kernel:6.19:rc5::::::
	cpe:2.3:o:linux:linux_kernel:6.19:rc6::::::
	cpe:2.3:o:linux:linux_kernel:6.19:rc7::::::
	cpe:2.3:o:linux:linux_kernel:6.19:rc8::::::

History

25 Mar 2026, 19:03

Type	Values Removed	Values Added
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 7.8
First Time		Linux Linux linux Kernel
CWE		CWE-416
CPE		cpe:2.3:o:linux:linux_kernel:6.19:rc1:::::: cpe:2.3:o:linux:linux_kernel:::::::: cpe:2.3:o:linux:linux_kernel:6.19:rc8:::::: cpe:2.3:o:linux:linux_kernel:6.19:rc3:::::: cpe:2.3:o:linux:linux_kernel:6.19:rc5:::::: cpe:2.3:o:linux:linux_kernel:6.19:rc4:::::: cpe:2.3:o:linux:linux_kernel:6.19:rc2:::::: cpe:2.3:o:linux:linux_kernel:6.19:rc6:::::: cpe:2.3:o:linux:linux_kernel:2.6.19:-:::::: cpe:2.3:o:linux:linux_kernel:6.19:rc7::::::
References	~~() https://git.kernel.org/stable/c/278455a82245a572aeb218a6212a416a98e418de -~~	() https://git.kernel.org/stable/c/278455a82245a572aeb218a6212a416a98e418de - Patch
References	~~() https://git.kernel.org/stable/c/751c19635c2bfaaf2836a533caa3663633066dcf -~~	() https://git.kernel.org/stable/c/751c19635c2bfaaf2836a533caa3663633066dcf - Patch
References	~~() https://git.kernel.org/stable/c/a41dc180b6e1229ae49ca290ae14d82101c148c3 -~~	() https://git.kernel.org/stable/c/a41dc180b6e1229ae49ca290ae14d82101c148c3 - Patch
References	~~() https://git.kernel.org/stable/c/b3e655e52b98a1d3df41c8e42035711e083099f8 -~~	() https://git.kernel.org/stable/c/b3e655e52b98a1d3df41c8e42035711e083099f8 - Patch
References	~~() https://git.kernel.org/stable/c/c8f6f88cd1df35155258285c4f43268b361819df -~~	() https://git.kernel.org/stable/c/c8f6f88cd1df35155258285c4f43268b361819df - Patch
References	~~() https://git.kernel.org/stable/c/e354793a7ab9bb0934ea699a9d57bcd1b48fc27b -~~	() https://git.kernel.org/stable/c/e354793a7ab9bb0934ea699a9d57bcd1b48fc27b - Patch
References	~~() https://git.kernel.org/stable/c/f6ab594672d4cba08540919a4e6be2e202b60007 -~~	() https://git.kernel.org/stable/c/f6ab594672d4cba08540919a4e6be2e202b60007 - Patch

19 Jan 2026, 13:16

Type	Values Removed	Values Added
References		() https://git.kernel.org/stable/c/278455a82245a572aeb218a6212a416a98e418de - () https://git.kernel.org/stable/c/c8f6f88cd1df35155258285c4f43268b361819df -

13 Jan 2026, 16:16

Type	Values Removed	Values Added
New CVE

Information

Published : 2026-01-13 16:16

Updated : 2026-03-25 19:03

NVD link : CVE-2025-71075

Mitre link : CVE-2025-71075

CVE.ORG link : CVE-2025-71075

JSON object : View

Products Affected

linux

linux_kernel

CWE

CWE-416

Use After Free

7.8 /10