PT-2026-36413 · Linux · Linux Kernel

Published 2026-05-01 · Updated 2026-05-02

CVE-2026-31778

CVSS v3.1: 7.1 (High)

Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H

Name of the Vulnerable Software and Affected Versions

Linux kernel versions 2.6.31-rc1 and later (affected versions not specified)

Description

A stack out-of-bounds read exists in the ALSA caiaq component within the init_card() function. The issue occurs during the creation of a whitespace-stripped copy of the card shortname, where the bounds check len < sizeof(card->id) allows the buffer to be completely filled, overwriting the terminating null byte. When this non-null-terminated string is processed by the copy_valid_id_string() function (called via snd_card_set_id()), the system reads past the end of the stack buffer. This can be triggered by a USB device with a product name containing numerous non-ASCII, non-space characters, such as multibyte UTF-8.

Recommendations

Update the Linux kernel to a version where the loop bound in init_card() is changed to sizeof(card->id) - 1 to ensure the null terminator is preserved.
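
The off-by-one described above, modelled in user space as an added example (this is not the kernel's code): ID_SIZE, strip_spaces(), is_terminated(), build_is_safe() and the sample name are assumptions of this sketch. It compares the loop bound sizeof(id) with sizeof(id) - 1 and checks for the terminator with a bounded memchr(), so nothing is read past the buffer.

```c
#include <stdio.h>
#include <string.h>

#define ID_SIZE 16  /* assumed size of the id buffer in this model */

/* Copy src into id[] without spaces, stopping once `bound` bytes are stored.
 * Follows the loop shape the advisory describes; returns bytes stored. */
static size_t strip_spaces(const char *src, char id[ID_SIZE], size_t bound)
{
    size_t len = 0;

    memset(id, 0, ID_SIZE);
    for (const char *c = src; *c && len < bound; c++)
        if (*c != ' ')
            id[len++] = *c;
    return len;
}

/* Bounded check for a NUL inside the buffer; never reads beyond ID_SIZE. */
static int is_terminated(const char id[ID_SIZE])
{
    return memchr(id, '\0', ID_SIZE) != NULL;
}

/* Returns 1 if the id built with the given loop bound is NUL-terminated. */
static int build_is_safe(const char *shortname, size_t bound)
{
    char id[ID_SIZE];

    strip_spaces(shortname, id, bound);
    return is_terminated(id);
}

/* Constructed sample: 12 two-byte UTF-8 characters (24 non-space bytes). */
static const char LONG_NAME[] =
    "\xc3\xa9\xc3\xa9\xc3\xa9\xc3\xa9\xc3\xa9\xc3\xa9"
    "\xc3\xa9\xc3\xa9\xc3\xa9\xc3\xa9\xc3\xa9\xc3\xa9";

int main(void)
{
    /* Bound sizeof(id): all 16 bytes are filled, no terminator remains. */
    printf("bound=%d terminated=%d\n", ID_SIZE, build_is_safe(LONG_NAME, ID_SIZE));
    /* Bound sizeof(id) - 1: the last byte stays zero from the memset. */
    printf("bound=%d terminated=%d\n", ID_SIZE - 1, build_is_safe(LONG_NAME, ID_SIZE - 1));
    return 0;
}
```

Any string consumer that scans for the terminator without a length limit would run off the end of the buffer in the first case, which is the out-of-bounds read the description attributes to copy_valid_id_string().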

Fix

Out of bounds Read

Weakness Enumeration

Related Identifiers

CVE-2026-31778
ECHO-6411-D976-5FA3

Affected Products

Linux Kernel