PT-2016-3472 · Linux · Linux Kernel

Adam Mariš · Published 2016-06-29 · Updated 2023-01-18 · CVE-2012-6703

CVSS v3.1: 7.8 High

Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Linux kernel versions prior to 3.6-rc6-next-20120917

Description

The issue is an integer overflow in the snd_compr_allocate_buffer function in the ALSA subsystem. Local users can exploit it via a crafted SNDRV_COMPRESS_SET_PARAMS ioctl call, potentially leading to a denial of service due to insufficient memory allocation or other unspecified impacts.

Recommendations

For Linux kernel versions prior to 3.6-rc6-next-20120917, update to version 3.6-rc6-next-20120917 or later to resolve the issue. As a temporary workaround, consider restricting access to the snd_compr_allocate_buffer function or the SNDRV_COMPRESS_SET_PARAMS ioctl call to minimize the risk of exploitation.
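
The "insufficient memory allocation" in the description comes from a size product that wraps before it reaches the allocator. The following user-space C model is an added example, not kernel code and not taken from this advisory; the function names, parameter names and 32-bit widths are assumptions chosen for illustration. It shows the wrapped size next to one way to validate the request before multiplying.

```c
#include <errno.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical model: both values arrive from an unprivileged caller. */

/* Unchecked: the 32-bit product wraps modulo 2^32, so the size handed to
 * the allocator can be far smaller than fragment_size * fragments. */
uint32_t buffer_size_unchecked(uint32_t fragment_size, uint32_t fragments)
{
    return fragment_size * fragments;
}

/* Checked: reject empty geometry and any product that does not fit. */
int buffer_size_checked(uint32_t fragment_size, uint32_t fragments,
                        uint32_t *out)
{
    if (fragment_size == 0 || fragments == 0)
        return -EINVAL;
    if (fragments > UINT32_MAX / fragment_size)
        return -EINVAL;
    *out = fragment_size * fragments;
    return 0;
}

int main(void)
{
    /* Constructed sample values, not taken from the advisory. */
    uint32_t fs = 0x10000u, n = 0x10001u, size = 0;
    int rc;

    printf("unchecked size: %u bytes\n",
           (unsigned)buffer_size_unchecked(fs, n));

    rc = buffer_size_checked(fs, n, &size);
    printf("checked, oversized request: rc=%d\n", rc);

    rc = buffer_size_checked(4096u, 16u, &size);
    printf("checked, valid request: rc=%d size=%u\n", rc, (unsigned)size);
    return 0;
}
```

With the constructed values, the true product is 0x100010000 bytes, but the unchecked function returns 0x10000, which is the mismatch between allocated and assumed size that the description refers to.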

Fix

Integer Overflow

Weakness Enumeration

Related Identifiers

CVE-2012-6703

Affected Products

Linux Kernel