Skip to main content

Linux Kernel CVE-2026-31775

| EUVDEUVD-2026-26588 MEDIUM
2026-05-01 Linux
5.5
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
5.5 MEDIUM
AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
SUSE
MEDIUM
qualitative
Red Hat
5.5 MEDIUM
qualitative

Primary rating from NVD.

CVSS VectorNVD

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Attack Vector
Local
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
High

Lifecycle Timeline

7
Analysis Generated
May 07, 2026 - 05:00 vuln.today
CVSS changed
May 07, 2026 - 02:50 NVD
5.5 (MEDIUM)
Patch available
May 01, 2026 - 16:33 EUVD
Patch released
May 01, 2026 - 15:24 nvd
Patch available
EUVD ID Assigned
May 01, 2026 - 15:00 euvd
EUVD-2026-26588
CVE Published
May 01, 2026 - 14:15 nvd
MEDIUM 5.5
CVE Published
May 01, 2026 - 14:15 nvd
N/A

DescriptionCVE.org

In the Linux kernel, the following vulnerability has been resolved:

ALSA: ctxfi: Don't enumerate SPDIF1 at DAIO initialization

The recent refactoring of xfi driver changed the assignment of atc->daios[] at atc_get_resources(); now it loops over all enum DAIOTYP entries while it looped formerly only a part of them. The problem is that the last entry, SPDIF1, is a special type that is used only for hw20k1 CTSB073X model (as a replacement of SPDIFIO), and there is no corresponding definition for hw20k2. Due to the lack of the info, it caused a kernel crash on hw20k2, which was already worked around by the commit b045ab3dff97 ("ALSA: ctxfi: Fix missing SPDIFI1 index handling").

This patch addresses the root cause of the regression above properly, simply by skipping the incorrect SPDIF1 type in the parser loop.

For making the change clearer, the code is slightly arranged, too.

AnalysisAI

Denial of service in Linux kernel ALSA ctxfi audio driver allows local authenticated attackers to crash the system via improper SPDIF1 enumeration during DAIO initialization on hw20k2 hardware. The vulnerability affects kernel versions 6.19 through 7.0 due to a refactoring that loops over all DAIO types including the hw20k2-incompatible SPDIF1 entry, triggering a kernel crash when the undefined hardware info is accessed. Patch available from Linux stable repositories.

Technical ContextAI

The Linux ALSA (Advanced Linux Sound Architecture) ctxfi driver manages audio I/O (DAIO) resources for specific Creative Sound Blaster audio hardware. The vulnerability resides in the atc_get_resources() function, which initializes the atc->daios[] array by enumerating all DAIOTYP entries. The SPDIF1 type is a special-purpose entry defined only for hw20k1 CTSB073X model hardware (replacing SPDIFIO), but no corresponding hardware definition exists for hw20k2 models. A recent refactoring changed the loop to iterate over all enum entries rather than a filtered subset, causing the driver to attempt initialization of SPDIF1 on hw20k2 hardware where it is undefined, resulting in null pointer dereference or invalid memory access. The root cause is architectural mishandling of hardware-specific device types during resource enumeration.

RemediationAI

Apply the Linux kernel patch from the stable repositories via git or update to a kernel version incorporating commit a79c4c42057818bd9de45d2627464b4f0e02196a or 75dc1980cf48826287e43dc7a49e310c6691f97e. Users should rebuild and install the patched kernel following standard Linux distribution procedures. The patch modifies the atc_get_resources() loop to skip the SPDIF1 enumeration entry on hw20k2 hardware, eliminating the out-of-bounds hardware info access. As a temporary workaround on affected hardware prior to patching, disable ALSA ctxfi driver loading via kernel module blacklist (add 'blacklist snd_ctxfi' to /etc/modprobe.d/) or boot with 'modprobe.blacklist=snd_ctxfi' kernel parameter; this prevents the crash but disables audio functionality on hw20k2 hardware until the patch is applied.

Vendor StatusVendor

SUSE

Severity: Medium
Product Status
SUSE Linux Enterprise Desktop 15 SP7 Fixed
SUSE Linux Enterprise Desktop 15 SP7 Fixed
SUSE Linux Enterprise High Availability Extension 15 SP7 Fixed
SUSE Linux Enterprise High Availability Extension 15 SP7 Fixed
SUSE Linux Enterprise High Performance Computing 15 SP7 Fixed

Share

CVE-2026-31775 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy