Linux Kernel ALSA USB-Audio Use-After-Free Vulnerability in snd_usbmidi_free

Vulnerability

A use-after-free vulnerability has been addressed in the Linux kernel's ALSA USB-Audio subsystem, specifically within the snd_usbmidi_free function. This vulnerability arose from a race condition related to the handling of error timers and USB request blocks (URBs). The issue was initially introduced when the error timer was not properly synchronized with the deletion of USB endpoints, allowing for a rare race condition that could be exploited. Furthermore, the absence of proper cleanup for URBs meant that freed memory could be accessed in interrupt context, exacerbating the use-after-free condition. The vulnerability has been resolved by ensuring that the error timer and URBs are properly managed before freeing the associated memory.
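The teardown ordering described above can be shown with a small userspace model. This is an added example, not the kernel driver's code or the upstream patch; every struct and function name in it is hypothetical, and release of the device is modelled with a flag so the model itself stays memory-safe.

```c
#include <stdbool.h>

#define NUM_URBS 2   /* constructed value for the model */

/* Userspace model only; all names are hypothetical, not the driver's. */
struct midi_dev { bool freed; int stale_hits; };

/* Deferred work that keeps a raw pointer to the device (a timer or a URB). */
struct deferred { struct midi_dev *dev; bool pending; };

struct midi_ctx {
    struct midi_dev dev;
    struct deferred error_timer;
    struct deferred urbs[NUM_URBS];
};

/* Handler body: touching dev after release is the use-after-free. */
static void fire(struct deferred *w) {
    if (!w->pending) return;
    w->pending = false;
    if (w->dev->freed) w->dev->stale_hits++;  /* real code would read freed memory */
}
/* Synchronous cancel: once it returns, the handler can no longer run. */
static void cancel_sync(struct deferred *w) { w->pending = false; }

static void setup(struct midi_ctx *c) {
    c->dev = (struct midi_dev){ false, 0 };
    c->error_timer = (struct deferred){ &c->dev, true };
    for (int i = 0; i < NUM_URBS; i++) c->urbs[i] = (struct deferred){ &c->dev, true };
}
/* Interrupt-context delivery that arrives some time after teardown. */
static int deliver_late(struct midi_ctx *c) {
    fire(&c->error_timer);
    for (int i = 0; i < NUM_URBS; i++) fire(&c->urbs[i]);
    return c->dev.stale_hits;
}
/* Flawed teardown: release first, nothing cancelled. Returns stale accesses. */
int teardown_unsynchronized(void) {
    struct midi_ctx c; setup(&c);
    c.dev.freed = true;                 /* stands in for freeing the object */
    return deliver_late(&c);
}
/* Corrected teardown: quiesce the timer and the URBs, then release. */
int teardown_synchronized(void) {
    struct midi_ctx c; setup(&c);
    cancel_sync(&c.error_timer);
    for (int i = 0; i < NUM_URBS; i++) cancel_sync(&c.urbs[i]);
    c.dev.freed = true;
    return deliver_late(&c);
}
int main(void) { return teardown_synchronized(); }  /* exits 0: no stale access */
```

In the unsynchronized path each pending handler (one timer, two URBs) reaches the released object; in the synchronized path none do.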

Impact

Exploitation of this vulnerability could lead to a use-after-free condition, potentially allowing for arbitrary code execution or memory corruption.

Added: Oct 15, 2025, 8:21 AM
Updated: Oct 15, 2025, 8:21 AM

Vulnerability Rating

Custom Algorithm

spread: 9.0
impact: 0.6
exploitability: 3.5
remediation: 7.7
relevance: 0.7
threat: 3.2
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.