CVE-2026-31775
Awaiting Analysis Awaiting Analysis - Queue
Linux Kernel Kernel Crash in ALSA ctxfi Driver

Publication date: 2026-05-01

Last updated on: 2026-05-01

Assigner: kernel.org

Description
In the Linux kernel, the following vulnerability has been resolved: ALSA: ctxfi: Don't enumerate SPDIF1 at DAIO initialization The recent refactoring of xfi driver changed the assignment of atc->daios[] at atc_get_resources(); now it loops over all enum DAIOTYP entries while it looped formerly only a part of them. The problem is that the last entry, SPDIF1, is a special type that is used only for hw20k1 CTSB073X model (as a replacement of SPDIFIO), and there is no corresponding definition for hw20k2. Due to the lack of the info, it caused a kernel crash on hw20k2, which was already worked around by the commit b045ab3dff97 ("ALSA: ctxfi: Fix missing SPDIFI1 index handling"). This patch addresses the root cause of the regression above properly, simply by skipping the incorrect SPDIF1 type in the parser loop. For making the change clearer, the code is slightly arranged, too.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-05-01
Last Modified
2026-05-01
Generated
2026-05-07
AI Q&A
2026-05-01
EPSS Evaluated
2026-05-05
NVD
CVE-2026-31775
EUVD
EUVD-2026-26588
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
linux linux_kernel *
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-UNKNOWN
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?

This vulnerability is related to the Linux kernel's ALSA ctxfi driver. A recent change in the xfi driver caused it to loop over all DAIOTYP entries during resource assignment, including a special entry called SPDIF1. SPDIF1 is only defined for the hw20k1 CTSB073X model and not for hw20k2. Because of this, when the driver tried to handle SPDIF1 on hw20k2 hardware, it caused a kernel crash.

The vulnerability was caused by the driver incorrectly enumerating the SPDIF1 type during initialization, which led to instability on certain hardware. The fix involved skipping the SPDIF1 type in the parser loop to prevent the crash.


How can this vulnerability impact me? :

This vulnerability can cause the Linux kernel to crash on specific hardware (hw20k2) when the ALSA ctxfi driver incorrectly processes the SPDIF1 audio interface type. Such a kernel crash can lead to system instability, unexpected reboots, or denial of service on affected systems.


What immediate steps should I take to mitigate this vulnerability?

The vulnerability has been resolved by a patch that modifies the ALSA ctxfi driver to skip the incorrect SPDIF1 type during initialization, preventing kernel crashes on hw20k2 models.

To mitigate this vulnerability, you should update your Linux kernel to a version that includes this fix.


Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70
EPSS Chart