CVE-2025-71158

MEDIUM

Linux Kernel 6.13 through 6.18.6 - Use-After-Free in GPIO MPSS Driver

Title source: llm

Description

In the Linux kernel, the following vulnerability has been resolved: gpio: mpsse: ensure worker is torn down When an IRQ worker is running, unplugging the device would cause a crash. The sealevel hardware this driver was written for was not hotpluggable, so I never realized it. This change uses a spinlock to protect a list of workers, which it tears down on disconnect.

References (2)

Core 2

Core References

Patch

https://git.kernel.org/stable/c/472d900c8bcac301ae0e40fdca7db799bd989ff5

Patch

https://git.kernel.org/stable/c/179ef1127d7a4f09f0e741fa9f30b8a8e7886271

Scores

CVSS v3 5.5

EPSS 0.0001

EPSS Percentile 1.2%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Details

Status published

Products (8)

linux/Kernel 6.13.0 - 6.18.6linux

Linux/Linux < 6.13

Linux/Linux 6.13

Linux/Linux 6.18.6 - 6.18.*

Linux/Linux 6.19

Linux/Linux c46a74ff05c0ac76ba11ef21c930c3b447abf31a - 179ef1127d7a4f09f0e741fa9f30b8a8e7886271

Linux/Linux c46a74ff05c0ac76ba11ef21c930c3b447abf31a - 472d900c8bcac301ae0e40fdca7db799bd989ff5

linux/linux_kernel 6.13 - 6.18.6

Published Jan 23, 2026

Tracked Since Feb 18, 2026