{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-31619", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2026-03-09T15:48:24.123Z", "datePublished": "2026-04-24T14:42:37.944Z", "dateUpdated": "2026-05-11T22:12:18.737Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2026-05-11T22:12:18.737Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nALSA: fireworks: bound device-supplied status before string array lookup\n\nThe status field in an EFW response is a 32-bit value supplied by the\nfirewire device. efr_status_names[] has 17 entries so a status value\noutside that range goes off into the weeds when looking at the %s value.\n\nEven worse, the status could return EFR_STATUS_INCOMPLETE which is\n0x80000000, and is obviously not in that array of potential strings.\n\nFix this up by properly bounding the index against the array size and\nprinting \"unknown\" if it's not recognized."}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["sound/firewire/fireworks/fireworks_command.c"], "versions": [{"version": "bde8a8f23bbe6db51fa4e81644273af18fef3d7a", "lessThan": "f856f4b6efd51be7950e4b84c06cd961961ca41c", "status": "affected", "versionType": "git"}, {"version": "bde8a8f23bbe6db51fa4e81644273af18fef3d7a", "lessThan": "e103f98f6615ed2934e9cf340654f0cad9eb8a8a", "status": "affected", "versionType": "git"}, {"version": "bde8a8f23bbe6db51fa4e81644273af18fef3d7a", "lessThan": "67cfd14074cdafab5de3f7cfc0952c1a9b653e5d", "status": "affected", "versionType": "git"}, {"version": "bde8a8f23bbe6db51fa4e81644273af18fef3d7a", "lessThan": "cc624b3d2be13297100539b64ad950695188e046", "status": "affected", "versionType": "git"}, {"version": "bde8a8f23bbe6db51fa4e81644273af18fef3d7a", "lessThan": "682d8accf0d83a871e8c327b95c81f53902c922b", "status": "affected", "versionType": "git"}, {"version": "bde8a8f23bbe6db51fa4e81644273af18fef3d7a", "lessThan": "07704bbf36f57e4379e4cadf96410dab14621e3b", "status": "affected", "versionType": "git"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["sound/firewire/fireworks/fireworks_command.c"], "versions": [{"version": "3.16", "status": "affected"}, {"version": "0", "lessThan": "3.16", "status": "unaffected", "versionType": "semver"}, {"version": "6.6.136", "lessThanOrEqual": "6.6.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.12.83", "lessThanOrEqual": "6.12.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.18.24", "lessThanOrEqual": "6.18.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.19.14", "lessThanOrEqual": "6.19.*", "status": "unaffected", "versionType": "semver"}, {"version": "7.0.1", "lessThanOrEqual": "7.0.*", "status": "unaffected", "versionType": "semver"}, {"version": "7.1-rc1", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix"}]}], "cpeApplicability": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "3.16", "versionEndExcluding": "6.6.136"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "3.16", "versionEndExcluding": "6.12.83"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "3.16", "versionEndExcluding": "6.18.24"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "3.16", "versionEndExcluding": "6.19.14"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "3.16", "versionEndExcluding": "7.0.1"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "3.16", "versionEndExcluding": "7.1-rc1"}]}]}], "references": [{"url": "https://git.kernel.org/stable/c/f856f4b6efd51be7950e4b84c06cd961961ca41c"}, {"url": "https://git.kernel.org/stable/c/e103f98f6615ed2934e9cf340654f0cad9eb8a8a"}, {"url": "https://git.kernel.org/stable/c/67cfd14074cdafab5de3f7cfc0952c1a9b653e5d"}, {"url": "https://git.kernel.org/stable/c/cc624b3d2be13297100539b64ad950695188e046"}, {"url": "https://git.kernel.org/stable/c/682d8accf0d83a871e8c327b95c81f53902c922b"}, {"url": "https://git.kernel.org/stable/c/07704bbf36f57e4379e4cadf96410dab14621e3b"}], "title": "ALSA: fireworks: bound device-supplied status before string array lookup", "x_generator": {"engine": "bippy-1.2.0"}}}}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "7482AD77-8977-4A6A-96C0-1B7E86AC25E9", "versionEndExcluding": "6.6.136", "versionStartIncluding": "3.16", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "7F0AE5B5-23AC-4DCC-B37A-51CA1DAE7BA8", "versionEndExcluding": "6.12.83", "versionStartIncluding": "6.7", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "8126B8B8-6D0B-4443-86C1-672AEE893555", "versionEndExcluding": "6.18.24", "versionStartIncluding": "6.13", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "D6A8A074-BBF4-4803-ABED-519A839435BB", "versionEndExcluding": "6.19.14", "versionStartIncluding": "6.19", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "9B5888AB-7403-4335-89E4-21CC0B48366A", "versionEndExcluding": "7.0.1", "versionStartIncluding": "7.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nALSA: fireworks: bound device-supplied status before string array lookup\n\nThe status field in an EFW response is a 32-bit value supplied by the\nfirewire device. efr_status_names[] has 17 entries so a status value\noutside that range goes off into the weeds when looking at the %s value.\n\nEven worse, the status could return EFR_STATUS_INCOMPLETE which is\n0x80000000, and is obviously not in that array of potential strings.\n\nFix this up by properly bounding the index against the array size and\nprinting \"unknown\" if it's not recognized."}], "id": "CVE-2026-31619", "lastModified": "2026-04-28T14:09:16.360", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2026-04-24T15:16:41.180", "references": [{"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/07704bbf36f57e4379e4cadf96410dab14621e3b"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/67cfd14074cdafab5de3f7cfc0952c1a9b653e5d"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/682d8accf0d83a871e8c327b95c81f53902c922b"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/cc624b3d2be13297100539b64ad950695188e046"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/e103f98f6615ed2934e9cf340654f0cad9eb8a8a"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/f856f4b6efd51be7950e4b84c06cd961961ca41c"}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"bugzilla": {"description": "kernel: ALSA: fireworks: bound device-supplied status before string array lookup", "id": "2461495", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2461495"}, "csaw": false, "cvss3": {"cvss3_base_score": "7.0", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "status": "draft"}, "cwe": "CWE-1285", "details": ["A flaw was found in the Linux kernel's ALSA fireworks driver. A malicious firewire device could supply a specially crafted status value, causing an out-of-bounds read during a string array lookup. This vulnerability may lead to a denial of service (DoS) or potentially information disclosure."], "name": "CVE-2026-31619", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:10", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 10"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2026-04-24T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2026-31619\nhttps://nvd.nist.gov/vuln/detail/CVE-2026-31619\nhttps://lore.kernel.org/linux-cve-announce/2026042424-CVE-2026-31619-4a8c@gregkh/T"], "threat_severity": "Moderate"}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "code_commit", "value": "[bde8a8f23bbe6db51fa4e81644273af18fef3d7a,f856f4b6efd51be7950e4b84c06cd961961ca41c)"}}, {"platform": null, "status": "affected", "versions": {"scheme": "code_commit", "value": "[bde8a8f23bbe6db51fa4e81644273af18fef3d7a,e103f98f6615ed2934e9cf340654f0cad9eb8a8a)"}}, {"platform": null, "status": "affected", "versions": {"scheme": "code_commit", "value": "[bde8a8f23bbe6db51fa4e81644273af18fef3d7a,67cfd14074cdafab5de3f7cfc0952c1a9b653e5d)"}}, {"platform": null, "status": "affected", "versions": {"scheme": "code_commit", "value": "[bde8a8f23bbe6db51fa4e81644273af18fef3d7a,cc624b3d2be13297100539b64ad950695188e046)"}}, {"platform": null, "status": "affected", "versions": {"scheme": "code_commit", "value": "[bde8a8f23bbe6db51fa4e81644273af18fef3d7a,682d8accf0d83a871e8c327b95c81f53902c922b)"}}, {"platform": null, "status": "affected", "versions": {"scheme": "code_commit", "value": "[bde8a8f23bbe6db51fa4e81644273af18fef3d7a,07704bbf36f57e4379e4cadf96410dab14621e3b)"}}], "enrichment": {"confidence": 99.0, "confidence_source": "inferred", "scores": [{"score": 99.0, "source": "inferred"}, {"score": 100.0, "source": "matching"}]}, "original": {"product": "Linux", "source": "cna", "vendor": "Linux"}, "product": "linux_kernel", "vendor": "linux"}, {"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "3.16"}}, {"platform": null, "status": "unaffected", "versions": {"scheme": "semver", "value": "[0,3.16)"}}, {"platform": null, "status": "unaffected", "versions": {"scheme": "semver", "value": "[6.6.136,6.7.0)"}}, {"platform": null, "status": "unaffected", "versions": {"scheme": "semver", "value": "[6.12.83,6.13.0)"}}, {"platform": null, "status": "unaffected", "versions": {"scheme": "semver", "value": "[6.18.24,6.19.0)"}}, {"platform": null, "status": "unaffected", "versions": {"scheme": "semver", "value": "[6.19.14,6.20.0)"}}, {"platform": null, "status": "unaffected", "versions": {"scheme": "semver", "value": "[7.0.1,7.1.0)"}}, {"platform": null, "status": "unaffected", "versions": {"scheme": "semver", "value": "[7.1-rc1,*]"}}], "enrichment": {"confidence": 99.0, "confidence_source": "inferred", "scores": [{"score": 99.0, "source": "inferred"}, {"score": 100.0, "source": "matching"}]}, "original": {"product": "Linux", "source": "cna", "vendor": "Linux"}, "product": "linux_kernel", "vendor": "linux"}], "analysis": {"en": {"generated_at": "2026-04-28T20:10:04.437665+00:00", "value": {"mitigation_remediation": ["Apply a kernel update that includes the patch for CVE\u20112026\u201131619.", "If an upgrade is not possible, disable the ALSA Firewire modules on systems that do not require FireWire support by blacklisting firewire\u2011core and firewire\u2011ohci modules.", "Continuously inspect kernel logs for Firewire\u2011related errors or crashes; investigate any anomalous entries to confirm that the issue has been mitigated."], "summary": {"action": "Apply patch", "impact": "Denial of Service via out-of-bounds array access in ALSA Firewire driver"}, "threat_synthesis": {"affected_systems": "All Linux kernel installations that load the ALSA Firewire driver \u2013 including the firewire-core, firewire-ohci, and associated ALSA firewire modules \u2013 are affected. Any distribution that includes these modules, regardless of the specific kernel release, remains vulnerable until the patch is applied.", "description_and_impact": "A flaw in the ALSA Firewire driver causes a device-supplied status value to be used as an index into a fixed-length string array without proper bounds checking. The status field can be any 32\u2011bit value, and if it lies outside the array of 17 valid entries, the kernel accesses memory beyond the array bounds, potentially leading to a kernel fault or memory disclosure. The weakness is a bounds checking failure (CWE-1285). The vulnerability does not provide remote code execution, but it can trigger a system crash, resulting in a denial\u2011of\u2011service condition.", "risk_and_exploitability": "The CVSS score of 5.5 indicates a medium severity. The EPSS score of less than 1\u202f% shows a low probability of exploitation. The vulnerability is not listed in CISA\u2019s KEV catalog. Attackers would need physical or local access to a FireWire device connected to the system to provide a crafted status value. The likely attack vector is local via hardware device, making the exploitation more restrictive than remote attacks."}}}}, "created": "2026-04-27T18:45:11.330093+00:00", "updated": "2026-04-28T20:15:26.824868+00:00", "vendors": ["linux", "linux$PRODUCT$linux_kernel"]}