CVE-2026-45992
Awaiting Analysis Awaiting Analysis - Queue
BaseFortify

Publication date: 2026-05-27

Last updated on: 2026-05-27

Assigner: kernel.org

Description
In the Linux kernel, the following vulnerability has been resolved: ALSA: caiaq: Fix potentially leftover ep1_in_urb at error path The previous fix for handling the error from setup_card() missed that an internal URB cdev->ep1_in_urb might have been already submitted beforehand. In the normal case, this URB gets killed at the disconnection, but in the error path, we didn't do it, hence there can be a potential leak. Fix it in the error path for setup_card(), too.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-05-27
Last Modified
2026-05-27
Generated
2026-05-27
AI Q&A
2026-05-27
EPSS Evaluated
N/A
NVD
CVE-2026-45992
EUVD
EUVD-2026-32288
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
linux linux_kernel *
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-UNKNOWN
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?

This vulnerability exists in the Linux kernel's ALSA caiaq driver. It involves a potential resource leak where an internal USB Request Block (URB) named ep1_in_urb might have been submitted before an error occurs during the setup_card() function. While normally this URB is properly killed during disconnection, the error handling path did not kill it, leading to a potential leak of this resource.


How can this vulnerability impact me? :

The impact of this vulnerability is a potential resource leak in the Linux kernel's ALSA caiaq driver. This could lead to inefficient resource usage or instability in the system if the leaked URB accumulates over time. However, no direct security impact such as privilege escalation or data corruption is described.


Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70
EPSS Chart