A use-after-free vulnerability was found in ALSA pcm layer, which allows local users to cause a denial of service, memory corruption or possibly other unspecified impact. Due to the nature of the flaw, privilege escalation cannot be fully ruled out, although we believe it is unlikely. References: https://patchwork.kernel.org/patch/8752621/ Upstream patch: https://github.com/torvalds/linux/commit/3aa02cb664c5fb1042958c8d1aa8c35055a2ebc4 CVE-ID request+assign: http://seclists.org/oss-sec/2016/q4/575
Statement: This issue affects the Linux kernel packages as shipped with Red Hat Enterprise Linux 5, 6. This has been rated as having Moderate security impact and is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat Enterprise Linux Life Cycle: https://access.redhat.com/support/policy/updates/errata/. This issue does not affect the Linux kernel packages as shipped with Red Hat Enterprise Linux 7 and Red Hat Enterprise MRG-2 as the flaw was already fixed in the products listed.