CVE-2023-54022
Memory Leak in Linux Kernel ALSA USB-Audio MIDI 2.0 Component

Publication date: 2025-12-24

Last updated on: 2025-12-24

Assigner: kernel.org

Description
In the Linux kernel, the following vulnerability has been resolved:

ALSA: usb-audio: Fix potential memory leaks at error path for UMP open

The allocation and initialization errors at alloc_midi_urbs() that is called at MIDI 2.0 / UMP device are supposed to be handled at the caller side by invoking free_midi_urbs(). However, free_midi_urbs() loops only for ep->num_urbs entries, and since ep->num_entries wasn't updated yet at the allocation / init error in alloc_midi_urbs(), this entry won't be released.

The intention of free_midi_urbs() is to release the whole elements, so change the loop size to NUM_URBS to scan over all elements for fixing the missed releases.

Also, the call of free_midi_urbs() is missing at snd_usb_midi_v2_open(). Although it'll be released later at reopen/close or disconnection, it's better to release immediately at the error path.

Meta Information
Published: 2025-12-24
Last Modified: 2025-12-24
Generated: 2026-05-07
AI Q&A: 2025-12-24
EPSS Evaluated: 2026-05-05

Affected Vendors & Products
Showing 1 associated CPE
Vendor: linux
Product: linux_kernel
Version / Range: *

AI Powered Q&A
Can you explain this vulnerability to me?

This vulnerability is a potential memory leak in the Linux kernel's ALSA usb-audio driver related to MIDI 2.0 / UMP devices. When an error occurs during allocation or initialization in the alloc_midi_urbs() function, the cleanup function free_midi_urbs() does not release all allocated memory, because it loops only over ep->num_urbs entries and that count has not yet been updated for the entry that failed. That entry is therefore not freed immediately, which is a memory leak. The fix changes the loop to cover all NUM_URBS elements and adds the missing call to free_midi_urbs() in the error path of snd_usb_midi_v2_open() so the memory is released promptly.
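
The cleanup bug described above, as an added userspace C model (not the kernel driver's code): it counts what is still allocated after a failed open when the free loop is bounded by the entry count versus when it scans every slot. The struct layout, helper names, the value of NUM_URBS and the injected failure are assumptions made for the example.

```c
/* Userspace model of the cleanup bug; not the kernel driver's code. */
#include <stdio.h>
#include <stdlib.h>

#define NUM_URBS 8 /* constructed value for this model */

struct slot { void *urb, *buf; };
struct endpoint { struct slot urbs[NUM_URBS]; int num_urbs; };

static int live; /* allocations not yet freed */

static void *model_alloc(void) { void *p = malloc(16); if (p) live++; return p; }
static void model_free(void *p) { if (p) { free(p); live--; } }

/* Set up every slot; slot fail_at fails after its first allocation (-1: never). */
static int alloc_urbs(struct endpoint *ep, int fail_at)
{
    for (int i = 0; i < NUM_URBS; i++) {
        if (!(ep->urbs[i].urb = model_alloc()))
            return -1;
        if (i == fail_at || !(ep->urbs[i].buf = model_alloc()))
            return -1; /* slot i holds memory, but num_urbs still excludes it */
        ep->num_urbs++;
    }
    return 0;
}

/* Release the first `limit` slots; NULL members are skipped. */
static void free_urbs(struct endpoint *ep, int limit)
{
    for (int i = 0; i < limit; i++) {
        model_free(ep->urbs[i].buf);
        model_free(ep->urbs[i].urb);
        ep->urbs[i].buf = ep->urbs[i].urb = NULL;
    }
    ep->num_urbs = 0;
}

/* Allocations still live after the caller's cleanup of one open attempt. */
int leaked_after_open(int fail_at, int fixed)
{
    struct endpoint ep = {0};
    live = 0;
    alloc_urbs(&ep, fail_at);
    free_urbs(&ep, fixed ? NUM_URBS : ep.num_urbs);
    int leaked = live;
    free_urbs(&ep, NUM_URBS); /* tidy up the model itself */
    return leaked;
}

int main(void)
{
    printf("count-bounded loop: %d leaked, full scan: %d leaked\n",
           leaked_after_open(3, 0), leaked_after_open(3, 1));
    return 0;
}
```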


How can this vulnerability impact me?

This vulnerability can lead to memory leaks in the Linux kernel when using USB audio devices with MIDI 2.0 / UMP support. Over time, these leaks could consume system memory unnecessarily, potentially degrading system performance or causing instability if the leaks accumulate significantly.


What immediate steps should I take to mitigate this vulnerability?

To mitigate this vulnerability, update the Linux kernel to a version where the ALSA usb-audio component has the fix for the memory leak in alloc_midi_urbs(), specifically where free_midi_urbs() properly releases all elements and is called at the error path in snd_usb_midi_v2_open().

