Updated: 2025-11-19 04:56:06.158924
Description:
In the Linux kernel, the following vulnerability has been resolved: ALSA: 6fire: Release resources at card release The current 6fire code tries to release the resources right after the call of usb6fire_chip_abort(). But at this moment, the card object might be still in use (as we're calling snd_card_free_when_closed()). For avoid potential UAFs, move the release of resources to the card's private_free instead of the manual call of usb6fire_chip_destroy() at the USB disconnect callback.
| Links | NIST | CIRCL | RHEL | Ubuntu |
| Severity | Score | |
|---|---|---|
| CVSS Version 2.x | 0.0 | |
| CVSS Version 3.x | HIGH | 7.8 |
| OS name | Project name | Version | Score | Severity | Status | Errata | Last updated | Statement |
|---|---|---|---|---|---|---|---|---|
| Ubuntu 16.04 ELS | linux | 4.4.0 | 7.8 | HIGH | Released | CLSA-2025:1742319829 | 2025-03-18 23:44:09 | |
| Ubuntu 18.04 ELS | linux | 4.15.0 | 7.8 | HIGH | Released | CLSA-2025:1739522296 | 2025-02-14 23:51:38 |