A memory flaw was found in the ALSA subsystem of the Linux kernel. The struct snd_timer_instance function fails the timer->max_instances check leading to an invalid address. This could lead to a use-after-free vulnerability.
Red Hat has investigated whether a possible mitigation exists for this issue, and has not been able to identify a practical example. Please update as soon as possible.