CVE-2026-31619
ALSA: fireworks: bound device-supplied status before string array lookup
CVSS Score
0.0
EPSS Score
0.0%
EPSS Percentile
0th
In the Linux kernel, the following vulnerability has been resolved: ALSA: fireworks: bound device-supplied status before string array lookup The status field in an EFW response is a 32-bit value supplied by the firewire device. efr_status_names[] has 17 entries so a status value outside that range goes off into the weeds when looking at the %s value. Even worse, the status could return EFR_STATUS_INCOMPLETE which is 0x80000000, and is obviously not in that array of potential strings. Fix this up by properly bounding the index against the array size and printing "unknown" if it's not recognized.
| Vendor | linux |
| Product | linux |
| Ecosystems | |
| Industries | Technology |
| Published | Apr 24, 2026 |
Stay Ahead of the Next One
Get instant alerts for linux linux
Be the first to know when new unknown vulnerabilities affecting linux linux are published โ delivered to Slack, Telegram or Discord.
Get Free Alerts โ
Free ยท No credit card ยท 60 sec setup
Affected Versions
Linux / Linux
1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 < e103f98f6615ed2934e9cf340654f0cad9eb8a8a 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 < 67cfd14074cdafab5de3f7cfc0952c1a9b653e5d 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 < cc624b3d2be13297100539b64ad950695188e046 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 < 682d8accf0d83a871e8c327b95c81f53902c922b
Linux / Linux
All versions affected References
git.kernel.org: https://git.kernel.org/stable/c/e103f98f6615ed2934e9cf340654f0cad9eb8a8a git.kernel.org: https://git.kernel.org/stable/c/67cfd14074cdafab5de3f7cfc0952c1a9b653e5d git.kernel.org: https://git.kernel.org/stable/c/cc624b3d2be13297100539b64ad950695188e046 git.kernel.org: https://git.kernel.org/stable/c/682d8accf0d83a871e8c327b95c81f53902c922b