Linux kernel built with the Advanced Linux Sound Architecture(ALSA) sound system support(CONFIG_SND) is vulnerable to an integer overflow flaw. It could occur when user space application removes or adds new controls. A user/application could use this flaw to crash the system kernel resulting in DoS. Upstream fixes: --------------- -> https://git.kernel.org/linus/883a1d49f0d77d30012f114b2e19fc141beb3e8e -> https://git.kernel.org/linus/ac902c112d90a89e59916f751c2745f4dbdbb4bd Reference: ---------- -> http://www.openwall.com/lists/oss-security/2014/06/26/6
Statement: This issue affects the versions of the Linux kernel as shipped with Red Hat Enterprise Linux 5, 6, 7 and Red Hat Enterprise MRG 2. Future kernel updates for Red Hat Enterprise Linux 5 may address this issue.
IssueDescription: An integer overflow flaw was found in the way the Linux kernel's Advanced Linux Sound Architecture (ALSA) implementation handled user controls. A local, privileged user could use this flaw to crash the system.
This issue has been addressed in following products: MRG for RHEL-6 v.2 Via RHSA-2014:1083 https://rhn.redhat.com/errata/RHSA-2014-1083.html
This issue has been addressed in the following products: Red Hat Enterprise Linux 7 Via RHSA-2014:1971 https://rhn.redhat.com/errata/RHSA-2014-1971.html
This issue has been addressed in the following products: Red Hat Enterprise Linux 6 Via RHSA-2015:0087 https://rhn.redhat.com/errata/RHSA-2015-0087.html