In the Linux kernel, the following vulnerability has been resolved:
ALSA: usb-audio: Fix potential memory leaks at error path for UMP open
The allocation and initialization errors at alloc_midi_urbs() that is called at MIDI 2.0 / UMP device are supposed to be handled at the caller side by invoking free_midi_urbs(). However, free_midi_urbs() loops only for ep->num_urbs entries, and since ep->num_entries wasnt updated yet at the allocation / init error in alloc_midi_urbs(), this entry wont be released.
The intention of free_midi_urbs() is to release the whole elements, so change the loop size to NUM_URBS to scan over all elements for fixing the missed releases.
Also, the call of free_midi_urbs() is missing at snd_usb_midi_v2_open(). Although itll be released later at reopen/close or disconnection, its better to release immediately at the error path.