Bug 2401488 (CVE-2022-50484)

Summary: CVE-2022-50484 kernel: ALSA: usb-audio: Fix potential memory leaks
Product: [Other] Security Response
Reporter: OSIDB Bzimport <bzimport>
Component: vulnerability
Assignee: Product Security DevOps Team <prodsec-dev>
Status: NEW
Severity: low
Priority: low
Version: unspecified
Keywords: Security
Hardware: All
OS: Linux
Doc Text:
A memory leak was found in the Linux kernel's USB audio driver in the synchronization endpoint URB allocation path. When memory allocation fails partway through allocating URBs for a sync endpoint, the error handling code fails to release the partially allocated URBs because the endpoint's URB counter hasn't been updated yet. This leaves allocated URBs orphaned in memory, leading to resource exhaustion and denial of service with repeated failures.

Description OSIDB Bzimport 2025-10-04 16:03:21 UTC
In the Linux kernel, the following vulnerability has been resolved:

ALSA: usb-audio: Fix potential memory leaks

When the driver hits -ENOMEM while allocating a URB or a buffer, it
aborts and goes to the error path that releases all the previously
allocated resources.  However, when -ENOMEM hits in the middle of the
sync EP URB allocation loop, the partially allocated URBs might be
left unreleased, because ep->nurbs is still zero at that point.

Fix it by setting ep->nurbs first, so that the error handler loops
over the full URB list.
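
The ordering problem described in the commit message above, as a small user-space C model (an added example, not the kernel driver's code or the upstream patch). `model_ep`, `model_alloc`, `release_urbs`, `sync_urb_leak` and the slot count are hypothetical names and values chosen for illustration; only `nurbs` mirrors the field named in the description.

```c
#include <stdlib.h>

#define SYNC_URBS 4                 /* constructed slot count for this model */

struct model_ep {                   /* hypothetical stand-in for the endpoint */
    void *urb[SYNC_URBS];
    unsigned int nurbs;             /* how many slots the error handler walks */
};

static int live, calls, fail_at;    /* outstanding allocs, call count, failing call */

static void *model_alloc(void)
{
    void *p = (calls++ == fail_at) ? NULL : malloc(64);  /* NULL models -ENOMEM */
    live += (p != NULL);
    return p;
}

/* Error handler: frees only the slots covered by ep->nurbs. */
static void release_urbs(struct model_ep *ep)
{
    for (unsigned int i = 0; i < ep->nurbs; i++) {
        if (ep->urb[i])
            live--;
        free(ep->urb[i]);           /* free(NULL) is a no-op */
        ep->urb[i] = NULL;
    }
    ep->nurbs = 0;
}

/* count_first = 0: counter set after the loop (leaky ordering);
 * count_first = 1: counter set before the loop. Returns leaked allocations. */
int sync_urb_leak(int count_first, int fail_index)
{
    struct model_ep ep = {0};       /* unallocated slots stay NULL */

    live = 0; calls = 0; fail_at = fail_index;
    if (count_first)
        ep.nurbs = SYNC_URBS;
    for (unsigned int i = 0; i < SYNC_URBS; i++) {
        ep.urb[i] = model_alloc();
        if (!ep.urb[i])
            goto out;               /* abort to the error path */
    }
    ep.nurbs = SYNC_URBS;           /* success: counter covers every slot */
out:
    release_urbs(&ep);
    return live;
}
```

With the counter set late, a failure at slot N leaves N allocations behind; with the counter set first, the same failure leaves none because the handler walks every slot and skips the empty ones.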