CVE-2025-38105

Summary

In the Linux kernel, the following vulnerability has been resolved:

ALSA: usb-audio: Kill timer properly at removal

The USB-audio MIDI code initializes the timer, but in a rare case, the driver might be freed without the disconnect call. This leaves the timer in an active state while the assigned object is released via snd_usbmidi_free(), which ends up with a kernel warning when the debug configuration is enabled, as spotted by fuzzer.

For avoiding the problem, put timer_shutdown_sync() at snd_usbmidi_free(), so that the timer can be killed properly. While we're at it, replace the existing timer_delete_sync() at the disconnect callback with timer_shutdown_sync(), too.

Affected Software

VendorProductVersion RangeStatus
LinuxLinuxc88469704d63787e8d44ca5ea1c1bd0adc29572d < 06513dd6d32c37d0364db8488cfdf3e14da238a8affected
LinuxLinuxc88469704d63787e8d44ca5ea1c1bd0adc29572d < efaf61052b8ff9ee8968912fbaf02c2847c78edeaffected
LinuxLinuxc88469704d63787e8d44ca5ea1c1bd0adc29572d < 647410a7da46067953a53c0d03f8680eff570959affected
LinuxLinuxc88469704d63787e8d44ca5ea1c1bd0adc29572d < c611b9e55174e439dcd85a72969b43a95f3827a4affected
LinuxLinuxc88469704d63787e8d44ca5ea1c1bd0adc29572d < 62066758d2ae169278e5d6aea5995b1b6f6ddeb5affected
LinuxLinuxc88469704d63787e8d44ca5ea1c1bd0adc29572d < 0718a78f6a9f04b88d0dc9616cc216b31c5f3cf1affected
LinuxLinux2.6.14affected
LinuxLinux0 < 2.6.14unaffected
LinuxLinux5.15.209 <= 5.15.*unaffected
LinuxLinux6.1.167 <= 6.1.*unaffected
LinuxLinux6.6.111 <= 6.6.*unaffected
LinuxLinux6.12.52 <= 6.12.*unaffected
LinuxLinux6.15.3 <= 6.15.*unaffected
LinuxLinux6.16 <= *unaffected

Weaknesses

References