Linux Kernel ALSA Caiaq Component Error Handling Vulnerability

A vulnerability in the Linux kernel's ALSA Caiaq USB driver has been addressed. The issue involved improper error handling in the 'setup_card()' function, which could lead to a resource leak. Specifically, an internal USB Request Block (URB) related to endpoint 1's input stream might have been submitted before an error occurred. While this URB is normally canceled during disconnection, the error path failed to do so, potentially causing a leak. The fix ensures that the URB is properly managed in the error handling process.

Impact

The vulnerability could lead to a resource leak by failing to properly cancel an internal USB Request Block (URB) related to endpoint 1's input stream during error handling, potentially causing memory management issues.

Reproduction

The vulnerability can be reproduced by triggering an error in the 'setup_card()' function of the ALSA Caiaq USB driver. This can be done by simulating a probe error after an internal URB has been submitted, which will cause the error handling to fail to cancel the URB, leading to a resource leak.

Remediation

Users can apply the latest patches available in the Linux kernel stable tree to address this vulnerability.