CVE ID : CVE-2024-53239

Published : Dec. 27, 2024, 2:15 p.m. | 1 hour ago

Description : In the Linux kernel, the following vulnerability has been resolved:

ALSA: 6fire: Release resources at card release

The current 6fire code tries to release the resources right after the
call of usb6fire_chip_abort(). But at this moment, the card object
might be still in use (as we’re calling snd_card_free_when_closed()).

For avoid potential UAFs, move the release of resources to the card’s
private_free instead of the manual call of usb6fire_chip_destroy() at
the USB disconnect callback.

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…