CVE-2026-31776

high

Description

In the Linux kernel, the following vulnerability has been resolved: ALSA: ctxfi: Fix missing SPDIFI1 index handling SPDIF1 DAIO type isn't properly handled in daio_device_index() for hw20k2, and it returned -EINVAL, which ended up with the out-of-bounds array access. Follow the hw20k1 pattern and return the proper index for this type, too.

References

https://git.kernel.org/stable/c/b045ab3dff97edae6d538eeff900a34c098761f8

https://git.kernel.org/stable/c/950decf59d4e978b60a792ce0b3e1555a608f489

Details

Source: Mitre, NVD

Published: 2026-05-01

Updated: 2026-05-02

Risk Information

CVSS v2

Base Score: 10

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Severity: Critical

CVSS v3

Base Score: 8.4

Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Severity: High

EPSS

EPSS: 0.00018