Main Vulnerability Database Vulnerabilities #VU127772

Out-of-bounds read in Linux kernel - CVE-2026-31619

Published: April 25, 2026

Vulnerability identifier: #VU127772

CSH Severity: Low

CVSS v4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear

CVE-ID: CVE-2026-31619

CWE-ID: CWE-125

Exploitation vector: Local access

Exploit availability: No public exploit available

Vendor: Linux Foundation

Affected software:
Linux kernel

Detailed vulnerability description

The vulnerability allows a local user to cause a denial of service.

The vulnerability exists due to an out-of-bounds read in the efr_status_names[] string array lookup in the ALSA fireworks driver when processing a device-supplied EFW response status value. A local user can supply a crafted status value from a firewire device to cause a denial of service.

How to mitigate CVE-2026-31619

Install security update from vendor's repository.

Sources

https://git.kernel.org/stable/c/67cfd14074cdafab5de3f7cfc0952c1a9b653e5d
https://git.kernel.org/stable/c/682d8accf0d83a871e8c327b95c81f53902c922b
https://git.kernel.org/stable/c/cc624b3d2be13297100539b64ad950695188e046
https://git.kernel.org/stable/c/e103f98f6615ed2934e9cf340654f0cad9eb8a8a

Out-of-bounds read in Linux kernel - CVE-2026-31619

Detailed vulnerability description

How to mitigate CVE-2026-31619

Sources

Please verify you're human