Entreprise française de cybersécurité depuis 2004
☎ 03 60 47 09 81 - info@securiteinfo.com
☎ 03 60 47 09 81 - info@securiteinfo.com
In the Linux kernel, the following vulnerability has been resolved:ALSA: 6fire: Release resources at card releaseThe current 6fire code tries to release the resources right after thecall of usb6fire_chip_abort(). But at this moment, the card objectmight be still in use (as we're calling snd_card_free_when_closed()).For avoid potential UAFs, move the release of resources to the card'sprivate_free instead of the manual call of usb6fire_chip_destroy() atthe USB disconnect callback.
No PoCs from references.
- https://github.com/cku-heise/euvd-api-doc
- https://github.com/w4zu/Debian_security