CVE-2023-54022

Summary

In the Linux kernel, the following vulnerability has been resolved:

ALSA: usb-audio: Fix potential memory leaks at error path for UMP open

The allocation and initialization errors at alloc_midi_urbs() that is called at MIDI 2.0 / UMP device are supposed to be handled at the caller side by invoking free_midi_urbs(). However, free_midi_urbs() loops only for ep->num_urbs entries, and since ep->num_entries wasn't updated yet at the allocation / init error in alloc_midi_urbs(), this entry won't be released.

The intention of free_midi_urbs() is to release the whole elements, so change the loop size to NUM_URBS to scan over all elements for fixing the missed releases.

Also, the call of free_midi_urbs() is missing at snd_usb_midi_v2_open(). Although it'll be released later at reopen/close or disconnection, it's better to release immediately at the error path.

Affected Software

VendorProductVersion RangeStatus
LinuxLinuxff49d1df79aef7580fe3ac99d17c3f886655d080 < f819b343aa95d24d5f7d6e06660c7f62591abc5faffected
LinuxLinuxff49d1df79aef7580fe3ac99d17c3f886655d080 < b1757fa30ef14f254f4719bf6f7d54a4c8207216affected
LinuxLinux6.5affected
LinuxLinux0 < 6.5unaffected
LinuxLinux6.5.3 <= 6.5.*unaffected
LinuxLinux6.6 <= *unaffected

Weaknesses

References