Description
In the Linux kernel, the following vulnerability has been resolved:

ALSA: ctxfi: Check the error for index mapping

The ctxfi driver blindly assumed a proper value returned from
daio_device_index(), but it's not always true. Add a proper error
check to deal with the error from the function.
Published: 2026-05-01
Score: 7.0 High
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The ctxfi driver in the Linux kernel assumes that the function daio_device_index() always returns a valid index, but the function can fail. Because the driver does not check the return value, an invalid index may be used, which can cause kernel instability or an unexpected crash. The weakness is represented by CWE-252 (Unchecked Return Value).
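The unchecked-return pattern described above, as an added example: this is a simplified user-space model, not the kernel's ctxfi source, and every name in it (`device_index`, `ctrl_blk`, `enable_unchecked`, `enable_checked`, the `dev_type` values) is hypothetical. It shows a mapping function that can return a negative errno, a caller that uses the result as an array index without a check, and the same caller with the check added.

```c
/* Simplified model of the bug class; NOT the ctxfi driver's code.
 * All identifiers here are hypothetical. */
#include <errno.h>
#include <stdio.h>

enum dev_type { DEV_LINE_OUT, DEV_SPDIF_OUT, DEV_LINE_IN, DEV_TYPE_COUNT };

#define NUM_SLOTS 3

struct ctrl_blk {
    unsigned char enabled[NUM_SLOTS];   /* one flag per hardware slot */
};

/* Map a device type to a slot; negative errno when no mapping exists. */
static int device_index(int type)
{
    switch (type) {
    case DEV_LINE_OUT:  return 0;
    case DEV_SPDIF_OUT: return 1;
    case DEV_LINE_IN:   return 2;
    default:            return -EINVAL;
    }
}

/* Before: the return value is trusted (CWE-252). For an unmapped type,
 * idx is -EINVAL and the store would land outside enabled[]. */
static int enable_unchecked(struct ctrl_blk *blk, int type)
{
    int idx = device_index(type);
    blk->enabled[idx] = 1;
    return 0;
}

/* After: the error is propagated before the index is ever used. */
static int enable_checked(struct ctrl_blk *blk, int type)
{
    int idx = device_index(type);
    if (idx < 0)
        return idx;
    blk->enabled[idx] = 1;
    return 0;
}

int main(void)
{
    struct ctrl_blk blk = {{0}};
    enable_unchecked(&blk, DEV_LINE_OUT);           /* valid type: behaves the same */
    int rc = enable_checked(&blk, DEV_TYPE_COUNT);  /* constructed invalid type */
    printf("checked call with invalid type: rc=%d\n", rc);
    return rc == -EINVAL ? 0 : 1;
}
```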

Affected Systems

The affected product is the Linux kernel. No specific kernel versions are enumerated in the CVE data, so any kernel that includes the ctxfi driver and has not yet incorporated the patch that introduces the error check may be vulnerable. The vendor is Linux.

Risk and Exploitability

The CVSS score of 7.0 indicates a high severity issue. The EPSS score of < 1% indicates a very low exploitation probability. The vulnerability is not listed in the CISA KEV catalog, implying that no known public exploit exists at this time. The most likely attack vector is a local kernel‑level interaction; an attacker would need to trigger a failure in daio_device_index() while the ctxfi driver is active. If exploited, the result could be a kernel crash leading to denial of service.

Generated by OpenCVE AI on May 2, 2026 at 15:52 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update the Linux kernel to a version that includes the patch introduced by commit 277c6960d4ddb94d16198afd70c92c3d4593d131 or d4d3b8cbb70a2de247cbfe99bdb232aef9ed59bc.
  • If an update is not yet available, blacklist or otherwise prevent the ctxfi module from loading during boot to avoid the code path that can lead to instability.
  • Verify that any DAIO devices on the system are correctly configured so that daio_device_index() is not invoked without proper error handling, reducing the risk of unexpected failure.

Advisories

No advisories yet.

History

Sat, 02 May 2026 14:15:00 +0000

Type Values Removed Values Added
Weaknesses CWE-787

Sat, 02 May 2026 12:15:00 +0000

Type Values Removed Values Added
Weaknesses CWE-252
References
Metrics threat_severity

None

cvssV3_1

{'score': 7.0, 'vector': 'CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H'}

threat_severity

Moderate


Fri, 01 May 2026 23:45:00 +0000

Type Values Removed Values Added
Weaknesses CWE-787

Fri, 01 May 2026 14:45:00 +0000

Type Values Removed Values Added
Description In the Linux kernel, the following vulnerability has been resolved: ALSA: ctxfi: Check the error for index mapping The ctxfi driver blindly assumed a proper value returned from daio_device_index(), but it's not always true. Add a proper error check to deal with the error from the function.
Title ALSA: ctxfi: Check the error for index mapping
First Time appeared Linux
Linux linux Kernel
CPEs cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Vendors & Products Linux
Linux linux Kernel
References

MITRE

Status: PUBLISHED

Assigner: Linux

Published:

Updated: 2026-05-02T06:14:27.212Z

Reserved: 2026-03-09T15:48:24.140Z

Link: CVE-2026-31777

Vulnrichment

No data.

NVD

Status: Awaiting Analysis

Published: 2026-05-01T15:16:41.087

Modified: 2026-05-01T15:24:14.893

Link: CVE-2026-31777

Redhat

Severity: Moderate

Public Date: 2026-05-01T00:00:00Z

Links: CVE-2026-31777 - Bugzilla

OpenCVE Enrichment

Updated: 2026-05-02T16:00:06Z

Weaknesses