CVE-2025-71199

In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> iio: adc: at91-sama5d2_adc: Fix potential use-after-free in sama5d2_adc driver<br /> <br /> at91_adc_interrupt can call at91_adc_touch_data_handler function<br /> to start the work by schedule_work(&amp;st-&gt;touch_st.workq).<br /> <br /> If we remove the module which will call at91_adc_remove to<br /> make cleanup, it will free indio_dev through iio_device_unregister but<br /> quite a bit later. While the work mentioned above will be used. The<br /> sequence of operations that may lead to a UAF bug is as follows:<br /> <br /> CPU0 CPU1<br /> <br /> | at91_adc_workq_handler<br /> at91_adc_remove |<br /> iio_device_unregister(indio_dev) |<br /> //free indio_dev a bit later |<br /> | iio_push_to_buffers(indio_dev)<br /> | //use indio_dev<br /> <br /> Fix it by ensuring that the work is canceled before proceeding with<br /> the cleanup in at91_adc_remove.