CVE-2026-45992

Summary

In the Linux kernel, the following vulnerability has been resolved:

ALSA: caiaq: Fix potentially leftover ep1_in_urb at error path

The previous fix for handling the error from setup_card() missed that an internal URB cdev->ep1_in_urb might have been already submitted beforehand. In the normal case, this URB gets killed at the disconnection, but in the error path, we didn't do it, hence there can be a potential leak.

Fix it in the error path for setup_card(), too.

Affected Software

VendorProductVersion RangeStatus
LinuxLinuxda938aa9fc7826901921dcea225948ab21a97e45 < 2d42c3386b7389d33caea7184cdb0188997fa6a9affected
LinuxLinux09616e25f502080ba684fc7fcf959d1376ab756d < d50223ae98148fcc3bba18e718e4b0608df83bceaffected
LinuxLinuxb956e48371f2ff72b76be9a829800ecec963bd45 < 089940d969e13e129b54f104a578cbafd99e308baffected
LinuxLinuxf537e3ad69609f6924a4db6b4a7f6561f5288bdd < be62c8bb03b6aec3790a943d4a7567d4d73b8be9affected
LinuxLinux6251e3e256337a30160ef59ab1580dde4d1acd28 < e0fb842af7052f0ab9e709db0c59300aa4051fc0affected
LinuxLinuxe59ecd4ee3a450db6cb4e4ecaa3efdd593f80056 < 1d160e30aa42b7c41163e51366bb34432367260daffected
LinuxLinux096dd8519cf2f768e9e14f224b627f7aaee1a9c5 < 438ab932dc6fef5b001dfeba08a18a491edc8f7baffected
LinuxLinux28abd224db4a49560b452115bca3672a20e45b2f < 0a7b5221b5b51cc798fcfc3be00d02eade149d69affected
LinuxLinux7.1-rc1affected
LinuxLinux0 < 7.1-rc1unaffected
LinuxLinux7.1-rc2 <= *unaffected

Weaknesses

References