{
  "threat_severity" : "Moderate",
  "public_date" : "2026-04-24T00:00:00Z",
  "bugzilla" : {
    "description" : "kernel: ALSA: fireworks: bound device-supplied status before string array lookup",
    "id" : "2461495",
    "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=2461495"
  },
  "cvss3" : {
    "cvss3_base_score" : "5.5",
    "cvss3_scoring_vector" : "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
    "status" : "draft"
  },
  "cwe" : "CWE-1285",
  "details" : [ "In the Linux kernel, the following vulnerability has been resolved:\nALSA: fireworks: bound device-supplied status before string array lookup\nThe status field in an EFW response is a 32-bit value supplied by the\nfirewire device.  efr_status_names[] has 17 entries so a status value\noutside that range goes off into the weeds when looking at the %s value.\nEven worse, the status could return EFR_STATUS_INCOMPLETE which is\n0x80000000, and is obviously not in that array of potential strings.\nFix this up by properly bounding the index against the array size and\nprinting \"unknown\" if it's not recognized.", "A flaw was found in the Linux kernel's ALSA fireworks driver. A malicious firewire device could supply a specially crafted status value, causing an out-of-bounds read during a string array lookup. This vulnerability may lead to a denial of service (DoS) or potentially information disclosure." ],
  "statement" : "FireWire Echo Audio `fireworks` status indices are now bounded before table lookup, closing OOB read from a malicious device. Red Hat recommends patched kernels when FireWire audio is exposed; unload `snd_fireworks` if unused.",
  "package_state" : [ {
    "product_name" : "Red Hat Enterprise Linux 10",
    "fix_state" : "Fix deferred",
    "package_name" : "kernel",
    "cpe" : "cpe:/o:redhat:enterprise_linux:10"
  }, {
    "product_name" : "Red Hat Enterprise Linux 6",
    "fix_state" : "Not affected",
    "package_name" : "kernel",
    "cpe" : "cpe:/o:redhat:enterprise_linux:6"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7",
    "fix_state" : "Fix deferred",
    "package_name" : "kernel",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7",
    "fix_state" : "Fix deferred",
    "package_name" : "kernel-rt",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8",
    "fix_state" : "Fix deferred",
    "package_name" : "kernel",
    "cpe" : "cpe:/o:redhat:enterprise_linux:8"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8",
    "fix_state" : "Fix deferred",
    "package_name" : "kernel-rt",
    "cpe" : "cpe:/o:redhat:enterprise_linux:8"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9",
    "fix_state" : "Fix deferred",
    "package_name" : "kernel",
    "cpe" : "cpe:/o:redhat:enterprise_linux:9"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9",
    "fix_state" : "Fix deferred",
    "package_name" : "kernel-rt",
    "cpe" : "cpe:/o:redhat:enterprise_linux:9"
  } ],
  "references" : [ "https://www.cve.org/CVERecord?id=CVE-2026-31619\nhttps://nvd.nist.gov/vuln/detail/CVE-2026-31619\nhttps://lore.kernel.org/linux-cve-announce/2026042424-CVE-2026-31619-4a8c@gregkh/T" ],
  "name" : "CVE-2026-31619",
  "mitigation" : {
    "value" : "To mitigate this issue, prevent the snd_fireworks module from being loaded. See https://access.redhat.com/solutions/41278 for instructions.",
    "lang" : "en:us"
  },
  "csaw" : false
}