Vulnerability in Linux Kernel USB Device Handling for ALSA Caiaq Driver
CVE-2026-31701
What is CVE-2026-31701?
The ALSA Caiaq driver in the Linux kernel presents a vulnerability due to improper reference management on the USB device it interacts with. The driver stores a pointer to its parent USB device without incrementing the reference count, leading to a potential use-after-free scenario. When the card is freed asynchronously, there's a risk of dereferencing a pointer to a freed USB device, which can result in system instability or crashes. Further complicating the issue, the current implementation calls for a device reset in a cleanup callback, which is inappropriate as it conflicts with the ongoing teardown process. To mitigate these risks, the driver needs to incorporate proper reference counting on the USB device using usb_get_dev() and usb_put_dev(), while also removing any inappropriate reset calls during the cleanup phase.
Affected Version(s)
Linux 4507a8b9b30344c5ddd8219945f446d47e966a6d
Linux a3f9314752dbb6f6aa1f0f2b4c58243bda800738 < 1d9be95aee6c6246a21752e60c9519902649f482
Linux b04dcbb7f7b1908806b7dc22671cdbe78ff2b82c < 6473ed16df1fe88051140611b3eb9a49be7f429e