CVE-2022-49772

In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> ALSA: usb-audio: Drop snd_BUG_ON() from snd_usbmidi_output_open()<br /> <br /> snd_usbmidi_output_open() has a check of the NULL port with<br /> snd_BUG_ON(). snd_BUG_ON() was used as this shouldn&amp;#39;t have happened,<br /> but in reality, the NULL port may be seen when the device gives an<br /> invalid endpoint setup at the descriptor, hence the driver skips the<br /> allocation. That is, the check itself is valid and snd_BUG_ON()<br /> should be dropped from there. Otherwise it&amp;#39;s confusing as if it were<br /> a real bug, as recently syzbot stumbled on it.