oss-sec mailing list archives

CVE Request: Linux: ALSA: usb-audio: double-free triggered by invalid USB descriptor

From: Salvatore Bonaccorso <carnil () debian org>
Date: Sun, 14 Feb 2016 16:31:52 +0100

Hi

There is a double-free flaw in the ALSA USB MIDI driver:

The 'umidi' object will be free'd on the error path by snd_usbmidi_free()
when tearing down the rawmidi interface. So we shouldn't try to free it
in snd_usbmidi_create() after having registered the rawmidi interface.


This was fixed in https://git.kernel.org/linus/07d86ca93db7e5cdf4743564d98292042ec21af7

https://lkml.org/lkml/2016/2/13/11

Could you assign a CVE for this issue?

Regards,
Salvatore

Current thread:

CVE Request: Linux: ALSA: usb-audio: double-free triggered by invalid USB descriptor Salvatore Bonaccorso (Feb 14)
- Re: CVE Request: Linux: ALSA: usb-audio: double-free triggered by invalid USB descriptor cve-assign (Feb 14)