In the Linux kernel, the following vulnerability has been resolved:

ALSA: caiaq: Fix potentially leftover ep1_in_urb at error path

The previous fix for handling the error from setup_card() missed that
an internal URB cdev->ep1_in_urb might have been already submitted
beforehand. In the normal case, this URB gets killed at the
disconnection, but in the error path, we didn't do it, hence there can
be a potential leak.

Fix it in the error path for setup_card(), too.