CVE-2025-39997 ALSA: usb-audio: fix race condition to UAF in snd_usbmidi_free

🗓️ 15 Oct 2025 07:58:21Reported by LinuxType

ALSA usb-audio fixes race condition to use-after-free in snd_usbmidi_free by killing error timer and urb before free.

Reporter	Title	Published	Views	Family All 129
AstraLinux	Astra Linux - уязвимость в linux-5.10	20 May 202605:53	–	astralinux
Circl	CVE-2025-39997	15 Oct 202509:04	–	circl
CNNVD	Linux kernel 安全漏洞	15 Oct 202500:00	–	cnnvd
CVE	CVE-2025-39997	15 Oct 202507:58	–	cve
Debian CVE	CVE-2025-39997	15 Oct 202507:58	–	debiancve
EUVD	EUVD-2025-34576	15 Oct 202509:30	–	euvd
NVD	CVE-2025-39997	15 Oct 202508:15	–	nvd
Tenable Nessus	openSUSE 16 Security Update : kernel (openSUSE-SU-2025-20091-1)	2 Dec 202500:00	–	nessus
Tenable Nessus	SUSE SLED15 / SLES15 Security Update : kernel (SUSE-SU-2025:4057-1)	13 Nov 202500:00	–	nessus
Tenable Nessus	SUSE SLES15 / openSUSE 15 Security Update : kernel (SUSE-SU-2025:4128-1)	19 Nov 202500:00	–	nessus

[
  {
    "product": "Linux",
    "vendor": "Linux",
    "defaultStatus": "unaffected",
    "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
    "programFiles": [
      "sound/usb/midi.c"
    ],
    "versions": [
      {
        "version": "06513dd6d32c37d0364db8488cfdf3e14da238a8",
        "lessThan": "e63f049c7764b615d1d50cb486745fa63372b42d",
        "status": "affected",
        "versionType": "git"
      },
      {
        "version": "efaf61052b8ff9ee8968912fbaf02c2847c78ede",
        "lessThan": "e16985513e89466a236d2a7c202783b4dd0c5a46",
        "status": "affected",
        "versionType": "git"
      },
      {
        "version": "647410a7da46067953a53c0d03f8680eff570959",
        "lessThan": "dc4874366cf6cf4a31d8fa4b7f0e2a5b2d7647ba",
        "status": "affected",
        "versionType": "git"
      },
      {
        "version": "c611b9e55174e439dcd85a72969b43a95f3827a4",
        "lessThan": "647d6b8d22be12842fde6ed0c56859ebc615f21e",
        "status": "affected",
        "versionType": "git"
      },
      {
        "version": "0718a78f6a9f04b88d0dc9616cc216b31c5f3cf1",
        "lessThan": "af600e7f5526d16146b3ae99f6ad57bfea79ca33",
        "status": "affected",
        "versionType": "git"
      },
      {
        "version": "0718a78f6a9f04b88d0dc9616cc216b31c5f3cf1",
        "lessThan": "353d8c715cc951a980728133c9dd64ca5a0a186c",
        "status": "affected",
        "versionType": "git"
      },
      {
        "version": "0718a78f6a9f04b88d0dc9616cc216b31c5f3cf1",
        "lessThan": "9f2c0ac1423d5f267e7f1d1940780fc764b0fee3",
        "status": "affected",
        "versionType": "git"
      },
      {
        "version": "62066758d2ae169278e5d6aea5995b1b6f6ddeb5",
        "status": "affected",
        "versionType": "git"
      },
      {
        "version": "6.1.167",
        "lessThan": "6.1.175",
        "status": "affected",
        "versionType": "semver"
      },
      {
        "version": "6.15.3",
        "lessThan": "6.16",
        "status": "affected",
        "versionType": "semver"
      }
    ]
  },
  {
    "product": "Linux",
    "vendor": "Linux",
    "defaultStatus": "affected",
    "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
    "programFiles": [
      "sound/usb/midi.c"
    ],
    "versions": [
      {
        "version": "6.16",
        "status": "affected"
      },
      {
        "version": "0",
        "lessThan": "6.16",
        "status": "unaffected",
        "versionType": "semver"
      },
      {
        "version": "6.1.175",
        "lessThanOrEqual": "6.1.*",
        "status": "unaffected",
        "versionType": "semver"
      },
      {
        "version": "6.16.11",
        "lessThanOrEqual": "6.16.*",
        "status": "unaffected",
        "versionType": "semver"
      },
      {
        "version": "6.17.1",
        "lessThanOrEqual": "6.17.*",
        "status": "unaffected",
        "versionType": "semver"
      },
      {
        "version": "6.18",
        "lessThanOrEqual": "*",
        "status": "unaffected",
        "versionType": "original_commit_for_fix"
      }
    ]
  }
]

Source	Link
git	www.git.kernel.org/stable/c/9f2c0ac1423d5f267e7f1d1940780fc764b0fee3
git	www.git.kernel.org/stable/c/dc4874366cf6cf4a31d8fa4b7f0e2a5b2d7647ba
git	www.git.kernel.org/stable/c/e16985513e89466a236d2a7c202783b4dd0c5a46
git	www.git.kernel.org/stable/c/353d8c715cc951a980728133c9dd64ca5a0a186c
git	www.git.kernel.org/stable/c/af600e7f5526d16146b3ae99f6ad57bfea79ca33
git	www.git.kernel.org/stable/c/e63f049c7764b615d1d50cb486745fa63372b42d
git	www.git.kernel.org/stable/c/647d6b8d22be12842fde6ed0c56859ebc615f21e

01 Jun 2026 16:05Current

EPSS0.00187