In the Linux kernel, the following vulnerability has been resolved:
nfc: nfcmrvl: Fix memory leak in nfcmrvlplaydeferred
Similar to the handling of playdeferred in commit 19cfe912c37b ("Bluetooth: btusb: Fix memory leak in playdeferred"), we thought a patch might be needed here as well.
Currently usbsubmiturb is called directly to submit deferred tx urbs after unanchor them.
So the usbgivebackurbbh would failed to unref it in usbunanchor_urb and cause memory leak.
Put those urbs in tx_anchor to avoid the leak, and also fix the error handling.