CVE-2022-49545

EUVD-2022-54687
In the Linux kernel, the following vulnerability has been resolved:

ALSA: usb-audio: Cancel pending work at closing a MIDI substream

At closing a USB MIDI output substream, there might be still a pending
work, which would eventually access the rawmidi runtime object that is
being released.  For fixing the race, make sure to cancel the pending
work at closing.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
5.5 MEDIUM
LOCAL
LOW
LOW
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 15%
Affected Products (NVD)
VendorProductVersion
linuxlinux_kernel
𝑥
< 5.10.121
linuxlinux_kernel
5.11 ≤
𝑥
< 5.15.46
linuxlinux_kernel
5.16 ≤
𝑥
< 5.17.14
linuxlinux_kernel
5.18 ≤
𝑥
< 5.18.3
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
linux
bookworm
6.1.123-1
fixed
bookworm (security)
6.1.128-1
fixed
bullseye
5.10.223-1
fixed
bullseye (security)
5.10.234-1
fixed
sid
6.12.16-1
fixed
trixie
6.12.12-1
fixed
References
https://git.kernel.org/stable/c/0125de38122f0f66bf61336158d12a1aabfe6425
https://git.kernel.org/stable/c/11868ca21585561659c2575b0d6508ef8e9c4291
https://git.kernel.org/stable/c/40bdb5ec957aca5c5c1924602bef6b0ab18e22d3
https://git.kernel.org/stable/c/517dcef4d2dda0132648f1e4c079ed17bba4d1a4
https://git.kernel.org/stable/c/5e5fe2b6065541c6216a7a003b0cddf386be0d2d