CVE-2023-54022Missing Release of Resource after Effective Lifetime in Linux

CWE-772Missing Release of Resource after Effective Lifetime7 documents6 sources
Severity
5.5MEDIUM
No vector
EPSS
0.0%
top 92.35%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
LinuxLinux KernelDebian Linux
Timeline
PublishedDec 24

Description

In the Linux kernel, the following vulnerability has been resolved: ALSA: usb-audio: Fix potential memory leaks at error path for UMP open The allocation and initialization errors at alloc_midi_urbs() that is called at MIDI 2.0 / UMP device are supposed to be handled at the caller side by invoking free_midi_urbs(). However, free_midi_urbs() loops only for ep->num_urbs entries, and since ep->num_entries wasn't updated yet at the allocation / init error in alloc_midi_urbs(), this entry won't be

Affected Packages3 packages

Linuxlinux/linux_kernel6.5.06.5.3
CVEListV5linux/linuxff49d1df79aef7580fe3ac99d17c3f886655d080f819b343aa95d24d5f7d6e06660c7f62591abc5f+2
debiandebian/linux

🔴Vulnerability Details

3
GHSA
GHSA-j4hq-f3qw-86xx: In the Linux kernel, the following vulnerability has been resolved: ALSA: usb-audio: Fix potential memory leaks at error path for UMP open The alloc2025-12-24
OSV
ALSA: usb-audio: Fix potential memory leaks at error path for UMP open2025-12-24
OSV
CVE-2023-54022: In the Linux kernel, the following vulnerability has been resolved: ALSA: usb-audio: Fix potential memory leaks at error path for UMP open The allocat2025-12-24

📋Vendor Advisories

2
Red Hat
kernel: Linux kernel ALSA USB audio: Denial of Service due to memory leaks in MIDI 2.0 / UMP device handling2025-12-24
Debian
CVE-2023-54022: linux - In the Linux kernel, the following vulnerability has been resolved: ALSA: usb-a...2023

🕵️Threat Intelligence

1
Wiz
CVE-2023-54022 Impact, Exploitability, and Mitigation Steps | Wiz