CVE-2026-45992

Description

In the Linux kernel, the following vulnerability has been resolved: ALSA: caiaq: Fix potentially leftover ep1_in_urb at error path The previous fix for handling the error from setup_card() missed that an internal URB cdev->ep1_in_urb might have been already submitted beforehand. In the normal case, this URB gets killed at the disconnection, but in the error path, we didn't do it, hence there can be a potential leak. Fix it in the error path for setup_card(), too.

References

• https://git.kernel.org/stable/c/0a7b5221b5b51cc798fcfc3be00d02eade149d69
• https://git.kernel.org/stable/c/1d160e30aa42b7c41163e51366bb34432367260d
• https://git.kernel.org/stable/c/438ab932dc6fef5b001dfeba08a18a491edc8f7b
• https://git.kernel.org/stable/c/be62c8bb03b6aec3790a943d4a7567d4d73b8be9
• https://git.kernel.org/stable/c/e0fb842af7052f0ab9e709db0c59300aa4051fc0