5.5

CVE-2026-31701

ALSA: caiaq: take a reference on the USB device in create_card()

In the Linux kernel, the following vulnerability has been resolved:

ALSA: caiaq: take a reference on the USB device in create_card()

The caiaq driver stores a pointer to the parent USB device in
cdev->chip.dev but never takes a reference on it. The card's
private_free callback, snd_usb_caiaq_card_free(), can run
asynchronously via snd_card_free_when_closed() after the USB
device has already been disconnected and freed, so any access to
cdev->chip.dev in that path dereferences a freed usb_device.

On top of the refcounting issue, the current card_free implementation
calls usb_reset_device(cdev->chip.dev). A reset in a free callback
is inappropriate: the device is going away, the call takes the
device lock in a teardown context, and the reset races with the
disconnect path that the callback is already cleaning up after.

Take a reference on the USB device in create_card() with
usb_get_dev(), drop it with usb_put_dev() in the free callback,
and remove the usb_reset_device() call.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
LinuxLinux Kernel Version >= 6.13 < 6.18.25
LinuxLinux Kernel Version >= 6.19 < 7.0.2
LinuxLinux Kernel Version6.13 Update-
LinuxLinux Kernel Version7.1 Updaterc1
LinuxLinux Kernel Version7.1 Updaterc2
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.12% 0.019
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 5.5 1.8 3.6
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Es wurden noch keine Informationen zu CWE veröffentlicht.
https://git.kernel.org/stable/c/1d9be95aee6c6246a21752e60c9519902649f482
Patch
https://git.kernel.org/stable/c/59b622a043cffc58b7638cd85ae6c30a0904f8e6
Patch
https://git.kernel.org/stable/c/6473ed16df1fe88051140611b3eb9a49be7f429e
Patch
https://git.kernel.org/stable/c/80bb50e2d459213cccff3111d5ef98ed4238c0d5
Patch
https://git.kernel.org/stable/c/f6634af5de728a46792f674a66d7843570cb68f7
Patch
https://git.kernel.org/stable/c/493b3a682ededc804555755f5d2193201339612d
https://git.kernel.org/stable/c/ac7345f68cda6989016d85d63f7b244c064aa8f6
https://git.kernel.org/stable/c/dbcf7588e8dea017ddb3f18ec2766f7d2e5f2a0e