The flaw is in the seqiv IV generator and can lead to a use-after-free when backlogged crypto requests return -EBUSY. Triggering it is easier locally by flooding the kernel crypto API (e.g. via AF_ALG or many concurrent AEAD requests) because the attacker must create backlog conditions. Remote triggering is much harder and only realistic for specific configurations (for example an in-kernel IPsec/TLS path that uses seqiv for AEAD). In practice this means an unprivileged local user with access to the kernel crypto interface is the most likely threat vector, while a remote attacker would need the target to both use seqiv and be inducible into heavy crypto backlog.

In the Linux kernel, the following vulnerability has been resolved: ALSA: usb-audio: Validate UAC3 cluster segment descriptors.

In the Linux kernel, the following vulnerability has been resolved: ALSA: hda/ca0132: Fix buffer overflow in add_tuning_control.