{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-06-02T22:55:47.756","vulnerabilities":[{"cve":{"id":"CVE-2025-71199","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2026-02-04T17:16:11.847","lastModified":"2026-04-15T00:35:42.020","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\niio: adc: at91-sama5d2_adc: Fix potential use-after-free in sama5d2_adc driver\n\nat91_adc_interrupt can call at91_adc_touch_data_handler function\nto start the work by schedule_work(&st->touch_st.workq).\n\nIf we remove the module which will call at91_adc_remove to\nmake cleanup, it will free indio_dev through iio_device_unregister but\nquite a bit later. While the work mentioned above will be used. The\nsequence of operations that may lead to a UAF bug is as follows:\n\nCPU0                                      CPU1\n\n                                     | at91_adc_workq_handler\nat91_adc_remove                      |\niio_device_unregister(indio_dev)     |\n//free indio_dev a bit later         |\n                                     | iio_push_to_buffers(indio_dev)\n                                     | //use indio_dev\n\nFix it by ensuring that the work is canceled before proceeding with\nthe cleanup in at91_adc_remove."},{"lang":"es","value":"En el kernel de Linux, la siguiente vulnerabilidad ha sido resuelta:\n\niio: adc: at91-sama5d2_adc: Soluciona un potencial uso después de liberación en el controlador sama5d2_adc\n\nat91_adc_interrupt puede llamar a la función at91_adc_touch_data_handler para iniciar el trabajo mediante schedule_work(&st->touch_st.workq).\n\nSi eliminamos el módulo que llamará a at91_adc_remove para realizar la limpieza, liberará indio_dev a través de iio_device_unregister pero bastante más tarde. Mientras que el trabajo mencionado anteriormente será utilizado. La secuencia de operaciones que puede llevar a un error UAF es la siguiente:\n\nCPU0 CPU1\n\n                                     | at91_adc_workq_handler\nat91_adc_remove                      |\niio_device_unregister(indio_dev)     |\n//liberar indio_dev un poco más tarde |\n                                     | iio_push_to_buffers(indio_dev)\n                                     | //usar indio_dev\n\nSe soluciona asegurando que el trabajo sea cancelado antes de proceder con la limpieza en at91_adc_remove."}],"metrics":{},"references":[{"url":"https://git.kernel.org/stable/c/4c83dd62595ee7b7c9298a4d19a256b6647e7240","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"},{"url":"https://git.kernel.org/stable/c/919d176b05776c7ede79c36744c823a07d631617","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"},{"url":"https://git.kernel.org/stable/c/9795fe80976f8c31cafda7d44edfc0f532d1f7c4","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"},{"url":"https://git.kernel.org/stable/c/d7b6fc224c7f5d6d8adcb18037138d3cfe2bbdfe","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"},{"url":"https://git.kernel.org/stable/c/d890234a91570542c228a20f132ce74f9fedd904","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"},{"url":"https://git.kernel.org/stable/c/dbdb442218cd9d613adeab31a88ac973f22c4873","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"},{"url":"https://git.kernel.org/stable/c/fdc8c835c637a3473878d1e7438c77ab8928af63","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"}]}}]}