Description
In the Linux kernel, the following vulnerability has been resolved:

ALSA: fireworks: bound device-supplied status before string array lookup

The status field in an EFW response is a 32-bit value supplied by the
firewire device. efr_status_names[] has 17 entries so a status value
outside that range goes off into the weeds when looking at the %s value.

Even worse, the status could return EFR_STATUS_INCOMPLETE which is
0x80000000, and is obviously not in that array of potential strings.

Fix this up by properly bounding the index against the array size and
printing "unknown" if it's not recognized.
Published: 2026-04-24
Score: 5.5 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Denial of Service via out-of-bounds array access in ALSA Firewire driver
Action: Apply patch
AI Analysis

Impact

A flaw in the ALSA Firewire driver causes a device-supplied status value to be used as an index into a fixed-length string array without proper bounds checking. The status field can be any 32‑bit value, and if it lies outside the array of 17 valid entries, the kernel accesses memory beyond the array bounds, potentially leading to a kernel fault or memory disclosure. The weakness is a bounds checking failure (CWE-1285). The vulnerability does not provide remote code execution, but it can trigger a system crash, resulting in a denial‑of‑service condition.

Affected Systems

All Linux kernel installations that load the ALSA Firewire driver – including the firewire-core, firewire-ohci, and associated ALSA firewire modules – are affected. Any distribution that includes these modules, regardless of the specific kernel release, remains vulnerable until the patch is applied.

Risk and Exploitability

The CVSS score of 5.5 indicates a medium severity. The EPSS score of less than 1 % shows a low probability of exploitation. The vulnerability is not listed in CISA’s KEV catalog. Attackers would need physical or local access to a FireWire device connected to the system to provide a crafted status value. The likely attack vector is local via hardware device, making the exploitation more restrictive than remote attacks.

Generated by OpenCVE AI on April 28, 2026 at 20:10 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply a kernel update that includes the patch for CVE‑2026‑31619.
  • If an upgrade is not possible, disable the ALSA Firewire modules on systems that do not require FireWire support by blacklisting firewire‑core and firewire‑ohci modules.
  • Continuously inspect kernel logs for Firewire‑related errors or crashes; investigate any anomalous entries to confirm that the issue has been mitigated.

Generated by OpenCVE AI on April 28, 2026 at 20:10 UTC.

Tracking

Sign in to view the affected projects.

Advisories
Source ID Title
Debian DSA Debian DSA DSA-6238-1 linux security update
History

Tue, 28 Apr 2026 14:15:00 +0000

Type Values Removed Values Added
Weaknesses NVD-CWE-noinfo
Metrics cvssV3_1

{'score': 7.0, 'vector': 'CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H'}

 cvssV3_1

{'score': 5.5, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H'}

Mon, 27 Apr 2026 14:15:00 +0000

Type Values Removed Values Added
References

Mon, 27 Apr 2026 11:30:00 +0000

Type Values Removed Values Added
References

Sat, 25 Apr 2026 00:15:00 +0000

Type Values Removed Values Added
Weaknesses CWE-1285
References
Metrics threat_severity

None

 cvssV3_1

{'score': 7.0, 'vector': 'CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H'}

threat_severity

Moderate

Fri, 24 Apr 2026 15:00:00 +0000

Type Values Removed Values Added
Description In the Linux kernel, the following vulnerability has been resolved: ALSA: fireworks: bound device-supplied status before string array lookup The status field in an EFW response is a 32-bit value supplied by the firewire device. efr_status_names[] has 17 entries so a status value outside that range goes off into the weeds when looking at the %s value. Even worse, the status could return EFR_STATUS_INCOMPLETE which is 0x80000000, and is obviously not in that array of potential strings. Fix this up by properly bounding the index against the array size and printing "unknown" if it's not recognized.
Title ALSA: fireworks: bound device-supplied status before string array lookup
First Time appeared Linux
Linux linux Kernel
CPEs cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Vendors & Products Linux
Linux linux Kernel
References

Subscriptions

Linux Linux Kernel
cve-icon MITRE

Status: PUBLISHED

Assigner: Linux

Published:

Updated: 2026-05-11T22:12:18.737Z

Reserved: 2026-03-09T15:48:24.123Z

Link: CVE-2026-31619

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Analyzed

Published: 2026-04-24T15:16:41.180

Modified: 2026-04-28T14:09:16.360

Link: CVE-2026-31619

cve-icon Redhat

Severity : Moderate

Publid Date: 2026-04-24T00:00:00Z

Links: CVE-2026-31619 - Bugzilla

cve-icon OpenCVE Enrichment

Updated: 2026-04-28T20:15:26Z

Weaknesses