{"id":"CVE-2025-71075","summary":"scsi: aic94xx: fix use-after-free in device removal path","details":"In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: aic94xx: fix use-after-free in device removal path\n\nThe asd_pci_remove() function fails to synchronize with pending tasklets\nbefore freeing the asd_ha structure, leading to a potential\nuse-after-free vulnerability.\n\nWhen a device removal is triggered (via hot-unplug or module unload),\nrace condition can occur.\n\nThe fix adds tasklet_kill() before freeing the asd_ha structure,\nensuring all scheduled tasklets complete before cleanup proceeds.","modified":"2026-03-27T08:59:14.390243Z","published":"2026-01-13T15:31:28.075Z","related":["MGASA-2026-0017","MGASA-2026-0018","SUSE-SU-2026:1078-1"],"database_specific":{"cna_assigner":"Linux","osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/71xxx/CVE-2025-71075.json"},"references":[{"type":"WEB","url":"https://git.kernel.org/stable/c/278455a82245a572aeb218a6212a416a98e418de"},{"type":"WEB","url":"https://git.kernel.org/stable/c/751c19635c2bfaaf2836a533caa3663633066dcf"},{"type":"WEB","url":"https://git.kernel.org/stable/c/a41dc180b6e1229ae49ca290ae14d82101c148c3"},{"type":"WEB","url":"https://git.kernel.org/stable/c/b3e655e52b98a1d3df41c8e42035711e083099f8"},{"type":"WEB","url":"https://git.kernel.org/stable/c/c8f6f88cd1df35155258285c4f43268b361819df"},{"type":"WEB","url":"https://git.kernel.org/stable/c/e354793a7ab9bb0934ea699a9d57bcd1b48fc27b"},{"type":"WEB","url":"https://git.kernel.org/stable/c/f6ab594672d4cba08540919a4e6be2e202b60007"},{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/71xxx/CVE-2025-71075.json"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2025-71075"},{"type":"PACKAGE","url":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","events":[{"introduced":"2908d778ab3e244900c310974e1fc1c69066e450"},{"fixed":"c8f6f88cd1df35155258285c4f43268b361819df"},{"fixed":"278455a82245a572aeb218a6212a416a98e418de"},{"fixed":"b3e655e52b98a1d3df41c8e42035711e083099f8"},{"fixed":"e354793a7ab9bb0934ea699a9d57bcd1b48fc27b"},{"fixed":"a41dc180b6e1229ae49ca290ae14d82101c148c3"},{"fixed":"751c19635c2bfaaf2836a533caa3663633066dcf"},{"fixed":"f6ab594672d4cba08540919a4e6be2e202b60007"}]}],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-71075.json"}},{"package":{"name":"Kernel","ecosystem":"Linux"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"2.6.19"},{"fixed":"5.10.248"}]},{"type":"ECOSYSTEM","events":[{"introduced":"5.11.0"},{"fixed":"5.15.198"}]},{"type":"ECOSYSTEM","events":[{"introduced":"5.16.0"},{"fixed":"6.1.160"}]},{"type":"ECOSYSTEM","events":[{"introduced":"6.2.0"},{"fixed":"6.6.120"}]},{"type":"ECOSYSTEM","events":[{"introduced":"6.7.0"},{"fixed":"6.12.64"}]},{"type":"ECOSYSTEM","events":[{"introduced":"6.13.0"},{"fixed":"6.18.3"}]}],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-71075.json"}}],"schema_version":"1.7.5"}