DEBIAN-CVE-2025-71192

DEBIAN-CVE-2025-71192 PUBLISHED CVSS 9.300000190734863 CRITICAL

In the Linux kernel, the following vulnerability has been resolved: ALSA: ac97: fix a double free in snd_ac97_controller_register() If ac97_add_adapter() fails, put_device() is the correct way to drop the device reference. kfree() is not required. Add kfree() if idr_alloc() fails and in ac97_adapter_release() to do the cleanup. Found by code review.

Risk Scores

CVSS 4.0

9.300000190734863

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Affected Products

Vendor	Product	Versions
Debian:13	linux	*, 6.12.69-1, 6.12.63-1
Debian:14	linux	6.12.69-1, 6.12.73-1, 6.12.73-1
Debian:11	linux-6.1	6.1.106-3~deb11u2, 6.1.106-3~deb11u3, 6.1.128-1~deb11u1
Debian:12	linux	6.1.119-1, 6.1.112-1, 6.1.106-3
Debian:11	linux	*, 6.17.7-2, 6.16.10-1

Exploit Intelligence

4081.3.7.yml (github-poc)

Timeline

Feb 4, 2026 CVE Published
Apr 28, 2026 CVE Updated

References

https://security-tracker.debian.org/tracker/CVE-2025-71192 advisory

Open in Interactive Console →