7.8

CVE-2025-71075

scsi: aic94xx: fix use-after-free in device removal path

In the Linux kernel, the following vulnerability has been resolved:

scsi: aic94xx: fix use-after-free in device removal path

The asd_pci_remove() function fails to synchronize with pending tasklets
before freeing the asd_ha structure, leading to a potential
use-after-free vulnerability.

When a device removal is triggered (via hot-unplug or module unload),
race condition can occur.

The fix adds tasklet_kill() before freeing the asd_ha structure,
ensuring all scheduled tasklets complete before cleanup proceeds.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
LinuxLinux Kernel Version >= 2.6.19.1 < 5.10.248
LinuxLinux Kernel Version >= 5.11 < 5.15.198
LinuxLinux Kernel Version >= 5.16 < 6.1.160
LinuxLinux Kernel Version >= 6.2 < 6.6.120
LinuxLinux Kernel Version >= 6.7 < 6.12.64
LinuxLinux Kernel Version >= 6.13 < 6.18.3
LinuxLinux Kernel Version2.6.19 Update-
LinuxLinux Kernel Version6.19 Updaterc1
LinuxLinux Kernel Version6.19 Updaterc2
LinuxLinux Kernel Version6.19 Updaterc3
LinuxLinux Kernel Version6.19 Updaterc4
LinuxLinux Kernel Version6.19 Updaterc5
LinuxLinux Kernel Version6.19 Updaterc6
LinuxLinux Kernel Version6.19 Updaterc7
LinuxLinux Kernel Version6.19 Updaterc8
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.13% 0.026
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 7.8 1.8 5.9
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CWE-416 Use After Free

The product reuses or references memory after it has been freed. At some point afterward, the memory may be allocated again and saved in another pointer, while the original pointer references a location somewhere within the new allocation. Any operations using the original pointer are no longer valid because the memory "belongs" to the code that operates on the new pointer.

https://git.kernel.org/stable/c/b3e655e52b98a1d3df41c8e42035711e083099f8
Patch
https://git.kernel.org/stable/c/e354793a7ab9bb0934ea699a9d57bcd1b48fc27b
Patch
https://git.kernel.org/stable/c/a41dc180b6e1229ae49ca290ae14d82101c148c3
Patch
https://git.kernel.org/stable/c/751c19635c2bfaaf2836a533caa3663633066dcf
Patch
https://git.kernel.org/stable/c/f6ab594672d4cba08540919a4e6be2e202b60007
Patch
https://git.kernel.org/stable/c/278455a82245a572aeb218a6212a416a98e418de
Patch
https://git.kernel.org/stable/c/c8f6f88cd1df35155258285c4f43268b361819df
Patch