Updated: 2025-11-19 04:56:06.158924
Description:
In the Linux kernel, the following vulnerability has been resolved: ALSA: 6fire: Release resources at card release The current 6fire code tries to release the resources right after the call of usb6fire_chip_abort(). But at this moment, the card object might be still in use (as we're calling snd_card_free_when_closed()). For avoid potential UAFs, move the release of resources to the card's private_free instead of the manual call of usb6fire_chip_destroy() at the USB disconnect callback.
| Links | NIST | CIRCL | RHEL | Ubuntu |
| Severity | Score | |
|---|---|---|
| CVSS Version 2.x | 0.0 | |
| CVSS Version 3.x | HIGH | 7.8 |
| OS name | Project name | Version | Score | Severity | Status | Errata | Last updated | Statement |
|---|---|---|---|---|---|---|---|---|
| AlmaLinux 9.2 ESU | kernel | 5.14.0 | 7.8 | HIGH | Released | CLSA-2025:1743193221 | 2025-02-22 01:13:07 | |
| CentOS 7 ELS | kernel | 3.10.0 | 7.8 | HIGH | Released | CLSA-2025:1740075135 | 2025-03-04 21:55:50 | |
| CentOS 8.4 ELS | kernel | 4.18.0 | 7.8 | HIGH | Released | CLSA-2025:1742471200 | 2025-03-21 03:33:07 | |
| CentOS 8.5 ELS | kernel | 4.18.0 | 7.8 | HIGH | Released | CLSA-2025:1742469561 | 2025-03-21 03:33:07 | |
| CentOS Stream 8 ELS | kernel | 4.18.0 | 7.8 | HIGH | Released | CLSA-2025:1740071073 | 2025-02-21 06:37:05 | |
| CloudLinux 7 ELS | kernel | 3.10.0 | 7.8 | HIGH | Ignored | 2025-02-26 07:10:07 | CL7 support is limited | |
| Oracle Linux 7 ELS | kernel | 3.10.0 | 7.8 | HIGH | Released | CLSA-2025:1742322442 | 2025-03-25 03:28:34 | |
| Oracle Linux 7 ELS | kernel-uek | 5.4.17 | 7.8 | HIGH | Needs Triage | 2025-11-19 08:45:29 | ||
| RHEL 7 ELS | kernel | 3.10.0 | 7.8 | HIGH | Released | CLSA-2025:1750353839 | 2025-06-20 00:30:03 | |
| Ubuntu 16.04 ELS | linux-hwe | 4.15.0 | 7.8 | HIGH | Released | CLSA-2025:1739526606 | 2025-02-14 23:51:42 |