Zero Day MonitorZDM

← Back to list

7.8

CVE-2025-71075PATCHED

linux · linux_kernel

In the Linux kernel, the following vulnerability has been resolved: scsi: aic94xx: fix use-after-free in device removal path The asd_pci_remove() function fails to synchronize with pending tasklets

Description

In the Linux kernel, the following vulnerability has been resolved: scsi: aic94xx: fix use-after-free in device removal path The asd_pci_remove() function fails to synchronize with pending tasklets before freeing the asd_ha structure, leading to a potential use-after-free vulnerability. When a device removal is triggered (via hot-unplug or module unload), race condition can occur. The fix adds tasklet_kill() before freeing the asd_ha structure, ensuring all scheduled tasklets complete before cleanup proceeds.

Affected Products

Vendor	Product	Versions
linux	linux_kernel	< 5.10.248, < 5.15.198, < 6.1.160, < 6.6.120, < 6.12.64, < 6.18.3

Also Affects

Downstream vendors/products affected by this vulnerability

Vendor	Product	Source	Confidence
amazon	amazon linux	cert_advisory	90%
canonical	ubuntu linux	cert_advisory	90%
debian	debian linux	cert_advisory	90%
ibm	ibm qradar siem	cert_advisory	90%
open source	open source linux kernel	cert_advisory	90%

References

Related News (5 articles)

Tier B

CERT-FR19h ago

Multiples vulnérabilités dans le noyau Linux d'Ubuntu (10 avril 2026)

→ No new info (linked only)

Tier B

CERT-FR7d ago

Multiples vulnérabilités dans le noyau Linux d'Ubuntu (03 avril 2026)

→ No new info (linked only)

Tier B

BSI Advisories8d ago

[UPDATE] [hoch] Linux Kernel: Mehrere Schwachstellen

→ No new info (linked only)

Tier B

CERT-FR14d ago

Multiples vulnérabilités dans le noyau Linux de SUSE (27 mars 2026)

→ No new info (linked only)

Tier B

CERT-FR14d ago

Multiples vulnérabilités dans le noyau Linux d'Ubuntu (27 mars 2026)

→ No new info (linked only)

CVSS 3.17.8 HIGH

VectorCVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CISA KEV❌ No

Actively exploited❌ No

Patch available

5.10.2485.15.1986.1.1606.6.1206.12.646.18.3

CWECWE-416

PublishedJan 13, 2026

Last enriched9d ago

Trending Score38

Source articles5

Independent2

Info Completeness9/14

Missing: epss, kev, exploit, iocs, mitre_attack

Community Vote

0 upvotes0 downvotes

No votes yet

Related CVEs (5)

HIGHCVE-2026-23406EXP

apparmor: fix side-effect bug in match_char() macro usage

HIGHCVE-2026-23400EXP

In the Linux kernel, the following vulnerability has been resolved: rust_binder: call set_notification_done() without proc lock Consider the following sequence of events on a death listener: 1. The

HIGHCVE-2026-31412EXP

usb: gadget: f_mass_storage: Fix potential integer overflow in check_command_size_in_blocks()

HIGHCVE-2026-23398EXP

In the Linux kernel, the following vulnerability has been resolved: icmp: fix NULL pointer dereference in icmp_tag_validation() icmp_tag_validation() unconditionally dereferences the result of rcu_d

HIGHCVE-2026-22984

In the Linux kernel, the following vulnerability has been resolved: libceph: prevent potential out-of-bounds reads in handle_auth_done() Perform an explicit bounds check on payload_len to avoid a po

Pin to Dashboard

Verification

State: verified

Confidence: 100%

Vulnerability Timeline

CVE Published

Jan 13, 2026

Patch Available

Mar 25, 2026

Discovered by ZDM

Apr 1, 2026