Wind River Support Network

Acknowledged

LIN1024-12836 : Security Advisory - linux - CVE-2025-39997

Created: Oct 16, 2025    Updated: Oct 17, 2025
Found In Version: 10.24.33.1
Severity: Standard
Applicable for: Wind River Linux LTS 24
Component/s: Kernel

Description

In the Linux kernel, the following vulnerability has been resolved:

ALSA: usb-audio: fix race condition to UAF in snd_usbmidi_free

The previous commit 0718a78f6a9f ("ALSA: usb-audio: Kill timer properly at removal") patched a UAF issue caused by the error timer.

However, because the error timer kill added in this patch occurs after the endpoint delete, a race condition to UAF still occurs, albeit rarely.

Additionally, since kill-cleanup for urb is also missing, freed memory can be accessed in interrupt context related to urb, which can cause UAF.

Therefore, to prevent this, error timer and urb must be killed before freeing the heap memory.