CVE-2026-31619

Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)

Description An issue exists in the ALSA fireworks component where the system fails to properly validate the status field in an EFW response. This field is a 32-bit value supplied by the firewire device. Because the efr status names[] array contains only 17 entries, a status value outside this range, such as EFR STATUS INCOMPLETE (0x80000000), can lead to an out-of-bounds memory access when attempting to look up the corresponding string value.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.