CVE-2025-39997

NONE EPSS 8.5%
Published Oct 15, 2025 8mo ago
Last Modified Jun 17, 2026 1w ago

Description

In the Linux kernel, the following vulnerability has been resolved:

ALSA: usb-audio: fix race condition to UAF in snd_usbmidi_free

The previous commit 0718a78f6a9f ("ALSA: usb-audio: Kill timer properly at removal") patched a UAF issue caused by the error timer. However, because the error timer kill added in this patch occurs after the endpoint delete, a race condition to UAF still occurs, albeit rarely.

Additionally, since kill-cleanup for urb is also missing, freed memory can be accessed in interrupt context related to urb, which can cause UAF. Therefore, to prevent this, error timer and urb must be killed before freeing the heap memory.

Threat Intelligence

EPSS Exploit Probability
8.5% percentile
Exploit & Patch Status
No Known Exploit
No Patch Available

References 7

  • git.kernel.org https://git.kernel.org/stable/c/353d8c715cc951a980728133c9dd64ca5a0a186c
  • git.kernel.org https://git.kernel.org/stable/c/647d6b8d22be12842fde6ed0c56859ebc615f21e
  • git.kernel.org https://git.kernel.org/stable/c/9f2c0ac1423d5f267e7f1d1940780fc764b0fee3
  • git.kernel.org https://git.kernel.org/stable/c/af600e7f5526d16146b3ae99f6ad57bfea79ca33
  • git.kernel.org https://git.kernel.org/stable/c/dc4874366cf6cf4a31d8fa4b7f0e2a5b2d7647ba
  • git.kernel.org https://git.kernel.org/stable/c/e16985513e89466a236d2a7c202783b4dd0c5a46
  • git.kernel.org https://git.kernel.org/stable/c/e63f049c7764b615d1d50cb486745fa63372b42d

Remediation

No remediation data recorded yet

Check vendor advisories and the NVD entry for patch availability.