CVE-2026-45992
Published: May 28, 2026Last modified: May 28, 2026
Description
In the Linux kernel, the following vulnerability has been resolved: ALSA: caiaq: Fix potentially leftover ep1_in_urb at error path The previous fix for handling the error from setup_card() missed that an internal URB cdev->ep1_in_urb might have been already submitted beforehand. In the normal case, this URB gets killed at the disconnection, but in the error path, we didn't do it, hence there can be a potential leak. Fix it in the error path for setup_card(), too.
Status
| Product | Release | Package | Status |
|---|---|---|---|
| Alpaquita Linux | 23 LTS | linux-lts | Not affected (6.1.33-r0) |
| 25 LTS | linux-lts | Not affected (6.6.89-r0) | |
| Stream | linux-lts | Not affected (6.1.33-r0) |
References
- https://git.kernel.org/stable/c/089940d969e13e129b54f104a578cbafd99e308b
- https://git.kernel.org/stable/c/0a7b5221b5b51cc798fcfc3be00d02eade149d69
- https://git.kernel.org/stable/c/1d160e30aa42b7c41163e51366bb34432367260d
- https://git.kernel.org/stable/c/2d42c3386b7389d33caea7184cdb0188997fa6a9
- https://git.kernel.org/stable/c/438ab932dc6fef5b001dfeba08a18a491edc8f7b
- https://git.kernel.org/stable/c/be62c8bb03b6aec3790a943d4a7567d4d73b8be9
- https://git.kernel.org/stable/c/d50223ae98148fcc3bba18e718e4b0608df83bce
- https://git.kernel.org/stable/c/e0fb842af7052f0ab9e709db0c59300aa4051fc0