DescriptionIn the Linux kernel, the following vulnerability has been resolved: ALSA: hda/cs_dsp_ctl: Use private_free for control cleanup Use the control private_free callback to free the associated data block. This ensures that the memory won't leak, whatever way the control gets destroyed. The original implementation didn't actually remove the ALSA controls in hda_cs_dsp_control_remove(). It only freed the internal tracking structure. This meant it was possible to remove/unload the amp driver while leaving its ALSA controls still present in the soundcard. Obviously attempting to access them could cause segfaults or at least dereferencing stale pointers.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
linux (PTS)bullseye5.10.218-1fixed
bullseye (security)5.10.221-1fixed
bookworm (security)6.1.90-1vulnerable

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
linuxsourcebuster(not affected)
linuxsourcebullseye(not affected)


[bullseye] - linux <not-affected> (Vulnerable code not present)
[buster] - linux <not-affected> (Vulnerable code not present) (6.10-rc1)

Search for package or bug name: Reporting problems