Linux Kernel ALSA Firewire-Digi00x Use-After-Free Vulnerability

Vulnerability

A use-after-free vulnerability has been identified in the Linux kernel's ALSA firewire-digi00x component. This issue arises because the code incorrectly frees the reception stream before returning an error code when initializing the stream fails. As a result, it can lead to a use-after-free condition, potentially allowing for memory corruption or other unintended behavior.

Impact

Exploitation of this vulnerability can lead to a use-after-free condition, which may allow for memory corruption or other unintended behavior.

Reproduction

The vulnerability can be reproduced by attempting to initialize a duplex stream using the 'snd_dg00x_stream_init_duplex' function. If the initialization of the transmission stream fails, the function should return an error code. However, due to the vulnerability, it instead frees the reception stream and incorrectly returns success, so the caller proceeds as if both streams were valid and later touches the already-freed reception stream, which is the use-after-free condition.
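The following is an added, constructed C model of the error-path shape the Reproduction section describes; it is not the kernel's firewire-digi00x code and the struct and function names (struct dg00x, init_stream, destroy_stream, use_rx_stream) are illustrative stand-ins. It places the buggy shape (tear down the reception stream on transmission-stream failure, then report success) beside the corrected shape (tear down and propagate the error). Because a real use-after-free is undefined behaviour, the model tracks an 'alive' flag and has use_rx_stream report -EFAULT on a stale stream where real code would simply dereference freed memory.

```c
/* Constructed model of the duplex-init error path; not kernel code. */
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>

/* Stand-in for an embedded per-direction stream object. */
struct stream {
	char *buf;
	int alive;
};

/* Stand-in for the device context holding both directions. */
struct dg00x {
	struct stream rx_stream;
	struct stream tx_stream;
};

/* Simulated per-stream init; 'fail' forces the failure the advisory describes. */
static int init_stream(struct stream *s, int fail)
{
	if (fail)
		return -ENOMEM;
	s->buf = malloc(64);
	if (!s->buf)
		return -ENOMEM;
	s->alive = 1;
	return 0;
}

/* Releases the stream's resources; the object itself stays embedded. */
static void destroy_stream(struct stream *s)
{
	free(s->buf);
	s->buf = NULL;   /* nulled only so the model never dereferences freed memory */
	s->alive = 0;
}

/* Buggy shape: tx failure frees rx, then reports success anyway. */
int init_duplex_buggy(struct dg00x *d, int tx_fails)
{
	int err = init_stream(&d->rx_stream, 0);
	if (err < 0)
		return err;
	err = init_stream(&d->tx_stream, tx_fails);
	if (err < 0)
		destroy_stream(&d->rx_stream);   /* cleanup done, but the error is dropped */
	return 0;                            /* caller now believes rx is usable */
}

/* Fixed shape: clean up rx AND propagate the error so callers never use it. */
int init_duplex_fixed(struct dg00x *d, int tx_fails)
{
	int err = init_stream(&d->rx_stream, 0);
	if (err < 0)
		return err;
	err = init_stream(&d->tx_stream, tx_fails);
	if (err < 0) {
		destroy_stream(&d->rx_stream);
		return err;
	}
	return 0;
}

/* What a caller does after "success": touch the reception stream. The alive
 * check is the model's stand-in for the use-after-free; in real code nothing
 * guards the access. Returns -EFAULT when the stream was already torn down. */
int use_rx_stream(struct dg00x *d)
{
	if (!d->rx_stream.alive)
		return -EFAULT;
	d->rx_stream.buf[0] = 1;
	return 0;
}

int main(void)
{
	struct dg00x d = {0};
	int err = init_duplex_buggy(&d, 1);
	printf("buggy: init=%d use_rx=%d\n", err, err == 0 ? use_rx_stream(&d) : err);

	struct dg00x e = {0};
	err = init_duplex_fixed(&e, 1);
	printf("fixed: init=%d (caller never touches rx)\n", err);
	return 0;
}
```

The defensive rule the two functions contrast is that an error path which releases resources must also propagate the error: a cleanup without a matching return turns a recoverable failure into a success report over freed state. Reviewers can check such paths mechanically by looking for cleanup calls inside an `if (err < 0)` branch that is not followed by `return err`.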

Remediation

Users can upgrade to the latest version of the Linux kernel where this vulnerability has been patched. The specific commit that addresses this issue is 'c0e72058d5e21982e61a29de6b098f7c1f0db498', which is included in the official Linux kernel repositories.

Added: Dec 24, 2025, 3:51 PM
Updated: Dec 24, 2025, 3:51 PM

Vulnerability Rating

Custom Algorithm
spread: 9.0
impact: 2.5
exploitability: 5.7
remediation: 7.7
relevance: 1.7
threat: 4.8
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.