Unrated severityNVD Advisory· Published Jun 21, 2012· Updated Apr 29, 2026
CVE-2011-1477
CVE-2011-1477
Description
Multiple array index errors in sound/oss/opl3.c in the Linux kernel before 2.6.39 allow local users to cause a denial of service (heap memory corruption) or possibly gain privileges by leveraging write access to /dev/sequencer.
Affected products
2- cpe:2.3:o:suse:linux_enterprise_desktop:10:sp4:*:*:lts:*:*:*
Patches
14d00135a6807sound/oss/opl3: validate voice and channel indexes
1 file changed · +13 −2
sound/oss/opl3.c+13 −2 modified@@ -845,6 +845,10 @@ static int opl3_load_patch(int dev, int format, const char __user *addr, static void opl3_panning(int dev, int voice, int value) { + + if (voice < 0 || voice >= devc->nr_voice) + return; + devc->voc[voice].panning = value; } @@ -1062,8 +1066,15 @@ static int opl3_alloc_voice(int dev, int chn, int note, struct voice_alloc_info static void opl3_setup_voice(int dev, int voice, int chn) { - struct channel_info *info = - &synth_devs[dev]->chn_info[chn]; + struct channel_info *info; + + if (voice < 0 || voice >= devc->nr_voice) + return; + + if (chn < 0 || chn > 15) + return; + + info = &synth_devs[dev]->chn_info[chn]; opl3_set_instr(dev, voice, info->pgm_num);
Vulnerability mechanics
Generated on May 9, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.
References
5- github.com/torvalds/linux/commit/4d00135a680727f6c3be78f8befaac009030e4dfnvdPatchThird Party Advisory
- lists.opensuse.org/opensuse-security-announce/2015-04/msg00020.htmlnvdMailing ListThird Party Advisory
- www.openwall.com/lists/oss-security/2011/03/25/1nvdThird Party AdvisoryVDB Entry
- ftp.osuosl.org/pub/linux/kernel/v2.6/ChangeLog-2.6.39nvdBroken Link
- git.kernel.orgnvd
News mentions
0No linked articles in our index yet.