CVE-2026-31776

HIGH EPSS 2.2%
Published May 1, 20261mo ago · Modified Jun 17, 20261w ago
7.8 CVSS 3.1
High
Find Similar
Published May 1, 2026 1mo ago
Last Modified Jun 17, 2026 1w ago

Description

In the Linux kernel, the following vulnerability has been resolved: ALSA: ctxfi: Fix missing SPDIFI1 index handling SPDIF1 DAIO type isn't properly handled in daio_device_index() for hw20k2, and it returned -EINVAL, which ended up with the out-of-bounds array access. Follow the hw20k1 pattern and return the proper index for this type, too.

CVSS Details

Base Score
7.8
Exploitability
1.8
Impact
5.9
Vector string
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Attack Vector Local
Attack Complexity Low
Privileges Required Low
User Interaction None
Scope Unchanged
Confidentiality High
Integrity High
Availability High

Threat Intelligence

EPSS Exploit Probability
2.2% percentile
Exploit & Patch Status
No Known Exploit
Patch Available

Weaknesses 1

CWE-129

Affected Products 7

VendorProductVersionRange
linuxlinux_kernel*≥6.19  –  <6.19.12
linuxlinux_kernel7.0any
linuxlinux_kernel7.0any
linuxlinux_kernel7.0any
linuxlinux_kernel7.0any
linuxlinux_kernel7.0any
linuxlinux_kernel7.0any

References 2

  • git.kernel.org https://git.kernel.org/stable/c/950decf59d4e978b60a792ce0b3e1555a608f489
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/b045ab3dff97edae6d538eeff900a34c098761f8
    Patch

Remediation

  • git.kernel.org https://git.kernel.org/stable/c/950decf59d4e978b60a792ce0b3e1555a608f489
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/b045ab3dff97edae6d538eeff900a34c098761f8
    Patch