Linux Kernel USB-Audio Timer Management Vulnerability

Vulnerability

A vulnerability in the Linux kernel's USB-audio MIDI code has been addressed. The issue arose because the timer was initialized but, in rare cases, the driver could be freed without a proper disconnect call. This left the timer active while the associated object was released, leading to a kernel warning in debug mode. The vulnerability has been resolved by ensuring the timer is properly shut down before the object is freed. Additionally, the timer management at the disconnect callback has been improved.

Impact

The vulnerability could lead to a kernel warning due to improper timer management, potentially causing confusion or issues in a debugging context.

Added: Jul 3, 2025, 11:30 AM

Updated: Jul 3, 2025, 11:30 AM

Vulnerability Rating

Custom Algorithm

spread

9.0

impact

2.5

exploitability

4.0

remediation

0.0

relevance

0.2

threat

3.2

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

9.0

impact

2.5

exploitability

4.0

remediation

0.0

relevance

0.2

threat

3.2

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Linux Kernel USB-Audio Timer Management Vulnerability

Vulnerability

Impact

Affected Products

Linux kernel

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating