Description
In the Linux kernel, the following vulnerability has been resolved:

ALSA: ctxfi: Don't enumerate SPDIF1 at DAIO initialization

The recent refactoring of xfi driver changed the assignment of
atc->daios[] at atc_get_resources(); now it loops over all enum
DAIOTYP entries while it looped formerly only a part of them.
The problem is that the last entry, SPDIF1, is a special type that
is used only for hw20k1 CTSB073X model (as a replacement of SPDIFIO),
and there is no corresponding definition for hw20k2. Due to the lack
of the info, it caused a kernel crash on hw20k2, which was already
worked around by the commit b045ab3dff97 ("ALSA: ctxfi: Fix missing
SPDIFI1 index handling").

This patch addresses the root cause of the regression above properly,
simply by skipping the incorrect SPDIF1 type in the parser loop.

For making the change clearer, the code is slightly arranged, too.
Published: 2026-05-01
Score: n/a
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

After the recent refactoring, the ALSA ctxfi driver loops over all DAIOTYP entries at initialization instead of only the supported ones. The last entry, SPDIF1, is defined only for the hw20k1 CTSB073X model. On hardware that lacks this definition (such as hw20k2), the driver attempts to use a non-existent description, causing a kernel panic. The crash leads to an immediate denial of service until the system is rebooted. This weakness is caused by a lack of validation when accessing hardware-specific resources, effectively an out-of-bounds array access or missing error handling.
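
The failure mode and the fix described above, as a simplified user-space model added here (not the kernel's or the patch's code). All identifiers and table values are hypothetical, and treating SPDIF1 as the stand-in for the SPDIFIO slot on CTSB073X is an assumption drawn from the description's wording.

```c
#include <stdio.h>

/* Simplified user-space model; every identifier here is hypothetical. */
enum daio_type { LINE_OUT, SPDIF_OUT, SPDIF_IO, MIC_IN, SPDIF1, NUM_DAIO_TYPES };
enum chip { HW20K1, HW20K2 };

/* Constructed per-chip resource index for each type; -1 means "no definition". */
static const int daio_index[2][NUM_DAIO_TYPES] = {
    [HW20K1] = { 0, 1, 2, 3, 4 },
    [HW20K2] = { 0, 1, 2, 3, -1 },  /* SPDIF1 is not defined for this chip */
};

/*
 * Fill slots[] with the resource index chosen for each DAIO slot.
 * Returns the number of slots set up, or -1 when the loop reaches a type
 * the chip has no definition for (where a driver that trusted the table
 * would go on to use invalid data).
 */
int enumerate_daios(enum chip chip, int is_ctsb073x, int skip_spdif1,
                    int slots[NUM_DAIO_TYPES])
{
    int count = 0;

    for (int i = 0; i < NUM_DAIO_TYPES; i++)
        slots[i] = -1;

    for (int i = 0; i < NUM_DAIO_TYPES; i++) {
        int type = i;

        if (skip_spdif1 && i == SPDIF1)
            continue;               /* SPDIF1 never gets a slot of its own */
        /* Assumed handling: SPDIF1 replaces SPDIF_IO on the CTSB073X model. */
        if (skip_spdif1 && i == SPDIF_IO && chip == HW20K1 && is_ctsb073x)
            type = SPDIF1;
        if (daio_index[chip][type] < 0)
            return -1;              /* missing definition reached */
        slots[i] = daio_index[chip][type];
        count++;
    }
    return count;
}

int main(void)
{
    int slots[NUM_DAIO_TYPES];

    printf("hw20k2, full loop:   %d\n", enumerate_daios(HW20K2, 0, 0, slots));
    printf("hw20k2, SPDIF1 skip: %d\n", enumerate_daios(HW20K2, 0, 1, slots));
    return 0;
}
```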

Affected Systems

The vulnerability applies to Linux kernels that include the refactored xfi driver without the recent commit that skips SPDIF1. It specifically impacts systems that load the ALSA ctxfi audio driver on hardware platforms that do not support SPDIF1, such as the hw20k2 model. The exact affected kernel releases are not listed, so any build prior to the patch is potentially affected.

Risk and Exploitability

The flaw can cause a kernel crash, compromising system availability. No EPSS score is available and the vulnerability is not listed in the CISA KEV catalog. The attack vector is local; it would be triggered during the audio subsystem initialization at boot or when the driver is loaded, requiring kernel‑mode execution. Because the issue is internal to the driver, it does not directly expose data but results in a system outage.

Generated by OpenCVE AI on May 2, 2026 at 07:21 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade the Linux kernel to a version that contains the fix that skips SPDIF1 during device resource enumeration.
  • If an upgrade cannot be performed immediately, disable or blacklist the ALSA ctxfi driver on affected hardware to prevent the crash.
  • Monitor the system for unexpected reboots or crashes that may indicate other remaining unpatched issues.

Advisories

No advisories yet.

History

Sat, 02 May 2026 07:45:00 +0000

Type | Values Removed | Values Added
Weaknesses | | CWE-125, CWE-758

Fri, 01 May 2026 14:45:00 +0000

Type | Values Removed | Values Added
Description | | In the Linux kernel, the following vulnerability has been resolved: ALSA: ctxfi: Don't enumerate SPDIF1 at DAIO initialization The recent refactoring of xfi driver changed the assignment of atc->daios[] at atc_get_resources(); now it loops over all enum DAIOTYP entries while it looped formerly only a part of them. The problem is that the last entry, SPDIF1, is a special type that is used only for hw20k1 CTSB073X model (as a replacement of SPDIFIO), and there is no corresponding definition for hw20k2. Due to the lack of the info, it caused a kernel crash on hw20k2, which was already worked around by the commit b045ab3dff97 ("ALSA: ctxfi: Fix missing SPDIFI1 index handling"). This patch addresses the root cause of the regression above properly, simply by skipping the incorrect SPDIF1 type in the parser loop. For making the change clearer, the code is slightly arranged, too.
Title | | ALSA: ctxfi: Don't enumerate SPDIF1 at DAIO initialization
First Time appeared | | Linux; Linux linux Kernel
CPEs | | cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Vendors & Products | | Linux; Linux linux Kernel
References

MITRE

Status: PUBLISHED

Assigner: Linux

Published:

Updated: 2026-05-01T14:15:03.664Z

Reserved: 2026-03-09T15:48:24.140Z

Link: CVE-2026-31775

Vulnrichment

No data.

NVD

Status: Awaiting Analysis

Published: 2026-05-01T15:16:40.863

Modified: 2026-05-01T15:24:14.893

Link: CVE-2026-31775

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-05-02T07:30:36Z

Weaknesses