CVE-2011-1476 - Vulnerability Details - OpenCVE

Integer underflow in the Open Sound System (OSS) subsystem in the Linux kernel before 2.6.39 on unspecified non-x86 platforms allows local users to cause a denial of service (memory corruption) by leveraging write access to /dev/sequencer.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Local

Access Complexity High

Authentication None

Confidentiality Impact None

Integrity Impact None

Availability Impact Complete

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Linux	Linux Kernel

Configuration 1 [-]

OR	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel:2.6.38:::::::*
	cpe:2.3:o:linux:linux_kernel:2.6.38:rc1::::::
	cpe:2.3:o:linux:linux_kernel:2.6.38:rc2::::::
	cpe:2.3:o:linux:linux_kernel:2.6.38:rc3::::::
	cpe:2.3:o:linux:linux_kernel:2.6.38:rc4::::::
	cpe:2.3:o:linux:linux_kernel:2.6.38:rc5::::::
	cpe:2.3:o:linux:linux_kernel:2.6.38:rc6::::::
	cpe:2.3:o:linux:linux_kernel:2.6.38:rc7::::::
	cpe:2.3:o:linux:linux_kernel:2.6.38:rc8::::::
	cpe:2.3:o:linux:linux_kernel:2.6.38.1:::::::*
	cpe:2.3:o:linux:linux_kernel:2.6.38.2:::::::*
	cpe:2.3:o:linux:linux_kernel:2.6.38.3:::::::*
	cpe:2.3:o:linux:linux_kernel:2.6.38.4:::::::*
	cpe:2.3:o:linux:linux_kernel:2.6.38.5:::::::*
	cpe:2.3:o:linux:linux_kernel:2.6.38.6:::::::*
	cpe:2.3:o:linux:linux_kernel:2.6.38.7:::::::*

No data.

References

Link	Providers
http://ftp.osuosl.org/pub/linux/kernel/v2.6/ChangeLog-2.6.39
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=b769f49463711205d57286e64cf535ed4daf59e9
http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00020.html
http://www.openwall.com/lists/oss-security/2011/03/25/1
https://github.com/torvalds/linux/commit/b769f49463711205d57286e64cf535ed4daf59e9

History

No history.

MITRE

Status: PUBLISHED

Assigner: redhat

Published: 2012-06-21T23:00:00

Updated: 2024-08-06T22:28:41.569Z

Reserved: 2011-03-21T00:00:00

Link: CVE-2011-1476

Vulnrichment

No data.

NVD

Status : Deferred

Published: 2012-06-21T23:55:02.193

Modified: 2025-04-11T00:51:21.963

Link: CVE-2011-1476

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2011-03-25T00:00:00", "descriptions": [{"lang": "en", "value": "Integer underflow in the Open Sound System (OSS) subsystem in the Linux kernel before 2.6.39 on unspecified non-x86 platforms allows local users to cause a denial of service (memory corruption) by leveraging write access to /dev/sequencer."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2015-05-08T17:57:00", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat"}, "references": [{"name": "[oss-security] 20110325 Re: CVE request: kernel: two OSS fixes", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://www.openwall.com/lists/oss-security/2011/03/25/1"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=b769f49463711205d57286e64cf535ed4daf59e9"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://ftp.osuosl.org/pub/linux/kernel/v2.6/ChangeLog-2.6.39"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://github.com/torvalds/linux/commit/b769f49463711205d57286e64cf535ed4daf59e9"}, {"name": "SUSE-SU-2015:0812", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00020.html"}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T22:28:41.569Z"}, "title": "CVE Program Container", "references": [{"name": "[oss-security] 20110325 Re: CVE request: kernel: two OSS fixes", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://www.openwall.com/lists/oss-security/2011/03/25/1"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=b769f49463711205d57286e64cf535ed4daf59e9"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://ftp.osuosl.org/pub/linux/kernel/v2.6/ChangeLog-2.6.39"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://github.com/torvalds/linux/commit/b769f49463711205d57286e64cf535ed4daf59e9"}, {"name": "SUSE-SU-2015:0812", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00020.html"}]}]}, "cveMetadata": {"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2011-1476", "datePublished": "2012-06-21T23:00:00", "dateReserved": "2011-03-21T00:00:00", "dateUpdated": "2024-08-06T22:28:41.569Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "57A0A2B0-3B9F-40C2-8C7A-CD9590B51315", "versionEndIncluding": "2.6.38.8", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.38:*:*:*:*:*:*:*", "matchCriteriaId": "7462DB6D-E0A6-4DBB-8E21-66B875184FFC", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.38:rc1:*:*:*:*:*:*", "matchCriteriaId": "2DDCB342-4F5F-4BF1-9624-882BBC57330D", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.38:rc2:*:*:*:*:*:*", "matchCriteriaId": "C3AB4113-BF83-4587-8A85-0E4FECEE7D9B", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.38:rc3:*:*:*:*:*:*", "matchCriteriaId": "4B57F5AD-A697-4090-89B9-81BC12993A1A", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.38:rc4:*:*:*:*:*:*", "matchCriteriaId": "CA141BCB-A705-4DF5-9EED-746B62C86111", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.38:rc5:*:*:*:*:*:*", "matchCriteriaId": "E9ECE134-58A3-4B9D-B9B3-F836C0EDD64C", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.38:rc6:*:*:*:*:*:*", "matchCriteriaId": "56186720-6B4C-4D71-85C5-7EAC5C5D84A1", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.38:rc7:*:*:*:*:*:*", "matchCriteriaId": "9BBB4630-CBED-43B9-B203-BE65BBF011AA", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.38:rc8:*:*:*:*:*:*", "matchCriteriaId": "FD375A78-63D7-441A-9FB0-7BC878AB4EDD", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.38.1:*:*:*:*:*:*:*", "matchCriteriaId": "A5BEFFDD-02BB-4A05-8372-891DBDB9AC5A", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.38.2:*:*:*:*:*:*:*", "matchCriteriaId": "766E193D-819C-42EA-8411-AE0013AC15FA", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.38.3:*:*:*:*:*:*:*", "matchCriteriaId": "3B39B6AF-6A83-48C2-BED2-79228F8513A6", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.38.4:*:*:*:*:*:*:*", "matchCriteriaId": "CD8A68D1-DFE9-4ADB-9FB8-4D69AB4CAFF8", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.38.5:*:*:*:*:*:*:*", "matchCriteriaId": "0D6EF951-AF15-4C30-A3A5-3392AA61813C", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.38.6:*:*:*:*:*:*:*", "matchCriteriaId": "15154FA0-65DC-4855-AC70-3ACF92313F49", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.38.7:*:*:*:*:*:*:*", "matchCriteriaId": "F4B3A9F4-A61F-4919-A173-3E459F0C5AF8", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Integer underflow in the Open Sound System (OSS) subsystem in the Linux kernel before 2.6.39 on unspecified non-x86 platforms allows local users to cause a denial of service (memory corruption) by leveraging write access to /dev/sequencer."}, {"lang": "es", "value": "Un desbordamiento de entero en el subsistema 'Open Sound System' (OSS) del kernel de Linux en versiones anteriores a v2.6.39 en plataformas no-x86 permite a usuarios locales provocar una denegaci\u00f3n de servicio (corrupci\u00f3n de memoria) mediante el aprovechamiento del acceso de escritura a /dev/sequencer."}], "id": "CVE-2011-1476", "lastModified": "2025-04-11T00:51:21.963", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "HIGH", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 4.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:L/AC:H/Au:N/C:N/I:N/A:C", "version": "2.0"}, "exploitabilityScore": 1.9, "impactScore": 6.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2012-06-21T23:55:02.193", "references": [{"source": "secalert@redhat.com", "url": "http://ftp.osuosl.org/pub/linux/kernel/v2.6/ChangeLog-2.6.39"}, {"source": "secalert@redhat.com", "url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=b769f49463711205d57286e64cf535ed4daf59e9"}, {"source": "secalert@redhat.com", "url": "http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00020.html"}, {"source": "secalert@redhat.com", "url": "http://www.openwall.com/lists/oss-security/2011/03/25/1"}, {"source": "secalert@redhat.com", "tags": ["Exploit", "Patch"], "url": "https://github.com/torvalds/linux/commit/b769f49463711205d57286e64cf535ed4daf59e9"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://ftp.osuosl.org/pub/linux/kernel/v2.6/ChangeLog-2.6.39"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=b769f49463711205d57286e64cf535ed4daf59e9"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00020.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.openwall.com/lists/oss-security/2011/03/25/1"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Patch"], "url": "https://github.com/torvalds/linux/commit/b769f49463711205d57286e64cf535ed4daf59e9"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-189"}], "source": "nvd@nist.gov", "type": "Primary"}]}