CVE-2026-31776
Published: May 2, 2026Last modified: May 2, 2026
Description
In the Linux kernel, the following vulnerability has been resolved: ALSA: ctxfi: Fix missing SPDIFI1 index handling SPDIF1 DAIO type isn't properly handled in daio_device_index() for hw20k2, and it returned -EINVAL, which ended up with the out-of-bounds array access. Follow the hw20k1 pattern and return the proper index for this type, too.
Severity score breakdown
| Parameter | Value |
|---|---|
| Base score | 7.8 |
| Attack Vector | LOCAL |
| Attack complexity | LOW |
| Privileges required | LOW |
| User interaction | NONE |
| Scope | UNCHANGED |
| Confidentiality | HIGH |
| Integrity impact | HIGH |
| Availability impact | HIGH |
| Vector | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
Status
| Product | Release | Package | Status |
|---|---|---|---|
| Alpaquita Linux | 23 LTS | linux-lts | Not affected (6.1.33-r0) |
| 25 LTS | linux-lts | Not affected (6.6.89-r0) | |
| Stream | linux-lts | Not affected (6.1.33-r0) |
References
- https://git.kernel.org/stable/c/28222e13666b5d26bf66563c056069ed32f87b33
- https://git.kernel.org/stable/c/57698f184e1afbe054b3cd30e2c43a67c11d7f5e
- https://git.kernel.org/stable/c/5b39985303a639b159dea306a032c08ef22f029d
- https://git.kernel.org/stable/c/950decf59d4e978b60a792ce0b3e1555a608f489
- https://git.kernel.org/stable/c/a0b45bdfffce9894b39392d061c14fda24de8b67
- https://git.kernel.org/stable/c/a3b0e5f84058a9c3d0542a71c2b3a7801e4ee26a
- https://git.kernel.org/stable/c/b045ab3dff97edae6d538eeff900a34c098761f8
- https://git.kernel.org/stable/c/c8859675f1cf92fe2eb25ef525440702140a0b55