Berk

**Name of the Vulnerable Software and Affected Versions** Linux kernel (affected versions not specified) openSUSE Tumbleweed versions prior to kernel-devel-7.0.11-1.1 **Description** A Use-After-Free (UAF) issue exists in the caiaq driver of the Linux kernel. The `setup card()` function does not handle error cases gracefully; specifically, when `snd card register()` returns an error, `snd card free()` is called, but the function continues execution. This leads to a UAF during subsequent calls, such as `snd usb caiaq control init()`. Additionally, because `setup card()` was a void function, it failed to propagate error codes to `snd probe()`, which is responsible for the proper error path and calling `snd card free()`. **Recommendations** For openSUSE Tumbleweed, update to version kernel-devel-7.0.11-1.1. At the moment, there is no information about a newer version that contains a fix for this vulnerability for the Linux kernel.