{ "threat_severity" : "Low", "public_date" : "2025-12-24T00:00:00Z", "bugzilla" : { "description" : "kernel: Linux kernel ALSA USB audio: Denial of Service due to memory leaks in MIDI 2.0 / UMP device handling", "id" : "2424937", "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=2424937" }, "cvss3" : { "cvss3_base_score" : "5.5", "cvss3_scoring_vector" : "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "status" : "verified" }, "cwe" : "CWE-772", "details" : [ "In the Linux kernel, the following vulnerability has been resolved:\nALSA: usb-audio: Fix potential memory leaks at error path for UMP open\nThe allocation and initialization errors at alloc_midi_urbs() that is\ncalled at MIDI 2.0 / UMP device are supposed to be handled at the\ncaller side by invoking free_midi_urbs(). However, free_midi_urbs()\nloops only for ep->num_urbs entries, and since ep->num_entries wasn't\nupdated yet at the allocation / init error in alloc_midi_urbs(), this\nentry won't be released.\nThe intention of free_midi_urbs() is to release the whole elements, so\nchange the loop size to NUM_URBS to scan over all elements for fixing\nthe missed releases.\nAlso, the call of free_midi_urbs() is missing at\nsnd_usb_midi_v2_open(). Although it'll be released later at\nreopen/close or disconnection, it's better to release immediately at\nthe error path.", "A flaw was found in the Linux kernel's Advanced Linux Sound Architecture (ALSA) USB audio driver. This vulnerability, related to improper memory management when handling MIDI 2.0 / Universal MIDI Packet (UMP) devices, could lead to memory leaks. A local attacker with low privileges could exploit this flaw by triggering specific allocation and initialization errors. This could result in a Denial of Service (DoS) due to resource exhaustion." ], "affected_release" : [ { "product_name" : "Red Hat Enterprise Linux 9", "release_date" : "2024-04-30T00:00:00Z", "advisory" : "RHSA-2024:2394", "cpe" : "cpe:/a:redhat:enterprise_linux:9", "package" : "kernel-0:5.14.0-427.13.1.el9_4" }, { "product_name" : "Red Hat Enterprise Linux 9", "release_date" : "2024-04-30T00:00:00Z", "advisory" : "RHSA-2024:2394", "cpe" : "cpe:/o:redhat:enterprise_linux:9", "package" : "kernel-0:5.14.0-427.13.1.el9_4" } ], "package_state" : [ { "product_name" : "Red Hat Enterprise Linux 10", "fix_state" : "Not affected", "package_name" : "kernel", "cpe" : "cpe:/o:redhat:enterprise_linux:10" }, { "product_name" : "Red Hat Enterprise Linux 6", "fix_state" : "Not affected", "package_name" : "kernel", "cpe" : "cpe:/o:redhat:enterprise_linux:6" }, { "product_name" : "Red Hat Enterprise Linux 7", "fix_state" : "Not affected", "package_name" : "kernel", "cpe" : "cpe:/o:redhat:enterprise_linux:7" }, { "product_name" : "Red Hat Enterprise Linux 7", "fix_state" : "Not affected", "package_name" : "kernel-rt", "cpe" : "cpe:/o:redhat:enterprise_linux:7" }, { "product_name" : "Red Hat Enterprise Linux 8", "fix_state" : "Not affected", "package_name" : "kernel", "cpe" : "cpe:/o:redhat:enterprise_linux:8" }, { "product_name" : "Red Hat Enterprise Linux 8", "fix_state" : "Not affected", "package_name" : "kernel-rt", "cpe" : "cpe:/o:redhat:enterprise_linux:8" }, { "product_name" : "Red Hat Enterprise Linux 9", "fix_state" : "Not affected", "package_name" : "kernel-rt", "cpe" : "cpe:/o:redhat:enterprise_linux:9" } ], "references" : [ "https://www.cve.org/CVERecord?id=CVE-2023-54022\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-54022\nhttps://lore.kernel.org/linux-cve-announce/2025122434-CVE-2023-54022-ae26@gregkh/T" ], "name" : "CVE-2023-54022", "csaw" : false }