GHSA-J4HQ-F3QW-86XX

Vulnerability from github – Published: 2025-12-24 12:30 – Updated: 2025-12-24 12:30
VLAI?
Details

In the Linux kernel, the following vulnerability has been resolved:

ALSA: usb-audio: Fix potential memory leaks at error path for UMP open

The allocation and initialization errors at alloc_midi_urbs() that is called at MIDI 2.0 / UMP device are supposed to be handled at the caller side by invoking free_midi_urbs(). However, free_midi_urbs() loops only for ep->num_urbs entries, and since ep->num_entries wasn't updated yet at the allocation / init error in alloc_midi_urbs(), this entry won't be released.

The intention of free_midi_urbs() is to release the whole elements, so change the loop size to NUM_URBS to scan over all elements for fixing the missed releases.

Also, the call of free_midi_urbs() is missing at snd_usb_midi_v2_open(). Although it'll be released later at reopen/close or disconnection, it's better to release immediately at the error path.

Show details on source website
To clipboard 

{
  "affected": [],
  "aliases": [
    "CVE-2023-54022"
  ],
  "database_specific": {
    "cwe_ids": [],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-12-24T11:15:55Z",
    "severity": null
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nALSA: usb-audio: Fix potential memory leaks at error path for UMP open\n\nThe allocation and initialization errors at alloc_midi_urbs() that is\ncalled at MIDI 2.0 / UMP device are supposed to be handled at the\ncaller side by invoking free_midi_urbs().  However, free_midi_urbs()\nloops only for ep-\u003enum_urbs entries, and since ep-\u003enum_entries wasn\u0027t\nupdated yet at the allocation / init error in alloc_midi_urbs(), this\nentry won\u0027t be released.\n\nThe intention of free_midi_urbs() is to release the whole elements, so\nchange the loop size to NUM_URBS to scan over all elements for fixing\nthe missed releases.\n\nAlso, the call of free_midi_urbs() is missing at\nsnd_usb_midi_v2_open().  Although it\u0027ll be released later at\nreopen/close or disconnection, it\u0027s better to release immediately at\nthe error path.",
  "id": "GHSA-j4hq-f3qw-86xx",
  "modified": "2025-12-24T12:30:28Z",
  "published": "2025-12-24T12:30:28Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-54022"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/b1757fa30ef14f254f4719bf6f7d54a4c8207216"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/f819b343aa95d24d5f7d6e06660c7f62591abc5f"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.