CVE-2025-71162 – A use-after-free vulnerability in the Linux ker... (How to Fix)

Q: What is the severity of CVE-2025-71162?

CVE-2025-71162 has a CVSS score of 7.8 (HIGH). A use-after-free vulnerability in the Linux kernel's Tegra ADMA driver allows memory corruption when audio streams terminate during XRUN conditions. This affects Linux systems using NVIDIA Tegra hardware with the ADMA driver loaded. The vulnerability can lead to system crashes or potential privilege escalation.

📋 TL;DR

A use-after-free vulnerability in the Linux kernel's Tegra ADMA driver allows memory corruption when audio streams terminate during XRUN conditions. This affects Linux systems using NVIDIA Tegra hardware with the ADMA driver loaded. The vulnerability can lead to system crashes or potential privilege escalation.

💻 Affected Systems

Products:

Linux kernel with tegra-adma driver

Versions: Kernel versions before the fix commits (specific versions depend on distribution backports)

Operating Systems: Linux distributions using affected kernel versions

Default Config Vulnerable: ⚠️ Yes

Notes: Only affects systems with NVIDIA Tegra hardware where the tegra-adma driver is loaded and used for audio DMA operations.

📦 What is this software?

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Kernel memory corruption leading to privilege escalation, system takeover, or persistent compromise.

🟠

Likely Case

System crash or kernel panic causing denial of service and potential data loss.

🟢

If Mitigated

Minor performance impact from proper synchronization with no security risk.

🌐 Internet-Facing: LOW - Requires local access or ability to trigger audio operations on the system.

🏢 Internal Only: MEDIUM - Local users or processes with audio access could trigger the vulnerability.

🎯 Exploit Status

Public PoC: ✅ No

Weaponized: UNKNOWN

Unauthenticated Exploit: ✅ No

Complexity: MEDIUM

Requires ability to trigger audio operations and cause XRUN conditions. Race condition makes exploitation timing-sensitive.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Kernel versions containing commits 2efd07a7c36949e6fa36a69183df24d368bf9e96 or later fixes

Vendor Advisory: https://git.kernel.org/stable/c/2efd07a7c36949e6fa36a69183df24d368bf9e96

Restart Required: Yes

Instructions:

1. Update Linux kernel to version containing the fix commits. 2. For distributions: Use package manager (apt/yum/dnf) to update kernel package. 3. Reboot system to load new kernel.

🔧 Temporary Workarounds

Disable tegra-adma module

linux

Prevent loading of vulnerable driver if not required

echo 'blacklist tegra-adma' >> /etc/modprobe.d/blacklist.conf
rmmod tegra-adma

Avoid audio XRUN conditions

linux

Configure audio systems to prevent underrun/overrun conditions

# Configure audio buffer sizes appropriately for your application

🧯 If You Can't Patch

Isolate systems using tegra-adma driver from untrusted users
Monitor for kernel panics or crashes related to DMA operations

🔍 How to Verify

Check if Vulnerable:

Check if tegra-adma module is loaded: lsmod | grep tegra_adma AND check kernel version against patched versions

Check Version:

uname -r

Verify Fix Applied:

Verify kernel version includes fix commits and tegra-adma module functions without crashes during audio termination

📡 Detection & Monitoring

Log Indicators:

Kernel panic messages
KASAN use-after-free reports for vchan_complete
Audio subsystem crashes

Network Indicators:

None - local vulnerability

SIEM Query:

event_source="kernel" AND (message="KASAN: use-after-free" OR message="BUG:" AND message:"tegra-adma" OR message:"vchan_complete")

📊 Metadata

CVE ID: CVE-2025-71162

CVSS v3 Score: 7.8 (HIGH)

CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CWE: CWE-416

EPSS Score: 0.03% exploit probability (8.9th percentile)

Published: January 25, 2026

Last Updated: February 26, 2026

🔗 References

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2025-71162, you might also want to check these: