CVE-2023-54022

NONE EPSS 4.2%
Published Dec 24, 20256mo ago · Modified Jun 17, 20262w ago
Find Similar
Published Dec 24, 2025 6mo ago
Last Modified Jun 17, 2026 2w ago

Description

In the Linux kernel, the following vulnerability has been resolved: ALSA: usb-audio: Fix potential memory leaks at error path for UMP open The allocation and initialization errors at alloc_midi_urbs() that is called at MIDI 2.0 / UMP device are supposed to be handled at the caller side by invoking free_midi_urbs(). However, free_midi_urbs() loops only for ep->num_urbs entries, and since ep->num_entries wasn't updated yet at the allocation / init error in alloc_midi_urbs(), this entry won't be released. The intention of free_midi_urbs() is to release the whole elements, so change the loop size to NUM_URBS to scan over all elements for fixing the missed releases. Also, the call of free_midi_urbs() is missing at snd_usb_midi_v2_open(). Although it'll be released later at reopen/close or disconnection, it's better to release immediately at the error path.

Threat Intelligence

EPSS Exploit Probability
4.2% percentile
Exploit & Patch Status
No Known Exploit
No Patch Available

References 2

  • git.kernel.org https://git.kernel.org/stable/c/b1757fa30ef14f254f4719bf6f7d54a4c8207216
  • git.kernel.org https://git.kernel.org/stable/c/f819b343aa95d24d5f7d6e06660c7f62591abc5f

Remediation

No remediation data recorded yet

Check vendor advisories and the NVD entry for patch availability.