PT-2026-43871 · Linux · Linux
Published: 2026-05-27 · Updated: 2026-05-27 · CVE-2026-46004
No severity ratings or metrics are available. When they are, we'll update the corresponding info on the page.
In the Linux kernel, the following vulnerability has been resolved:

ALSA: caiaq: Handle probe errors properly

The probe procedure of setup_card() in caiaq driver doesn't treat the
error cases gracefully, e.g. the error from snd_card_register() calls
snd_card_free() but continues. This would lead to a UAF for the
further calls like snd_usb_caiaq_control_init(), as Berk suggested in
another patch in the link below.

However, the problem is not only that; in general, this function drops
all the error handling (as it's a void function) although its caller
can propagate an error to snd_probe(), which eventually calls
snd_card_free() as a proper error path. That said, we should treat
each error case in setup_card(), and just return the error code
promptly, which is then handled later as a fatal error in snd_probe().

This patch achieves it by changing setup_card() to return an error
code. Also, the superfluous snd_card_free() call is removed, too.

Note that card->private_free can still be set safely when returning an
error. All called functions in card_free() have checks of the
unassigned resources or NULL checks.
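
A userspace model of the two error-handling shapes the commit message describes, added here as an illustration; it is not the caiaq driver's code or the patch. `fake_card`, `step()`, `probe_new()` and the `_old`/`_new` suffixes are hypothetical names, the error value is constructed, and freeing is simulated with a flag so that an access after teardown can be counted.

```c
#include <stdbool.h>
#include <stdio.h>

/* Constructed stand-in for struct snd_card: teardown only sets a flag. */
struct fake_card { bool freed; int free_calls; int late_uses; };

static void fake_card_free(struct fake_card *c) { c->freed = true; c->free_calls++; }

/* One init step (register, control init, ...): touches the card, returns err. */
static int step(struct fake_card *c, int err)
{
    if (c->freed)
        c->late_uses++;            /* would be a use-after-free in the driver */
    return err;
}

/* Shape described as buggy: void, frees on register failure, keeps going. */
static void setup_card_old(struct fake_card *c, int register_err)
{
    if (step(c, register_err) < 0)
        fake_card_free(c);
    step(c, 0);                    /* later init still runs on the freed card */
}

/* Shape described as the fix: return the first error, no free here. */
static int setup_card_new(struct fake_card *c, int register_err)
{
    int err = step(c, register_err);
    if (err < 0)
        return err;
    return step(c, 0);
}

/* Caller modelled on the probe path: the single free on error lives here. */
static int probe_new(struct fake_card *c, int register_err)
{
    int err = setup_card_new(c, register_err);
    if (err < 0)
        fake_card_free(c);
    return err;
}

int main(void)
{
    struct fake_card a = {0}, b = {0};
    setup_card_old(&a, -19);       /* -19: constructed errno-style failure */
    printf("old late_uses=%d, new err=%d\n", a.late_uses, probe_new(&b, -19));
    return 0;
}
```
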
Affected Products
Linux