CVE-2026-31619

Severity CVSS v4.0: Pending analysis
Type: Unavailable / Other
Publication date: 24/04/2026
Last modified: 24/04/2026

Description

In the Linux kernel, the following vulnerability has been resolved:

ALSA: fireworks: bound device-supplied status before string array lookup

The status field in an EFW response is a 32-bit value supplied by the firewire device. efr_status_names[] has 17 entries so a status value outside that range goes off into the weeds when looking at the %s value.

Even worse, the status could return EFR_STATUS_INCOMPLETE which is 0x80000000, and is obviously not in that array of potential strings.

Fix this up by properly bounding the index against the array size and printing "unknown" if it's not recognized.
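
The lookup described above, modelled in user-space C as an added example (not the kernel's code): the unchecked index, a signed bound check that still lets 0x80000000 through as a negative index, and an unsigned bound against the array size. The table strings are constructed placeholders, and `status_name_unchecked`, `in_range_signed` and `status_name` are hypothetical names.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define ARRAY_SIZE(a) (sizeof(a) / sizeof((a)[0]))
#define EFR_STATUS_INCOMPLETE 0x80000000u /* value given in the description */

/* 17 entries, as in the description; the strings are constructed placeholders. */
static const char *const efr_status_names[17] = {
    "status-0",  "status-1",  "status-2",  "status-3",  "status-4",
    "status-5",  "status-6",  "status-7",  "status-8",  "status-9",
    "status-10", "status-11", "status-12", "status-13", "status-14",
    "status-15", "status-16",
};

/* Before: the device-supplied value indexes the table directly, so any
 * status >= 17 fetches a "string pointer" from beyond the array. */
static const char *status_name_unchecked(uint32_t status)
{
    return efr_status_names[status];
}

/* Insufficient check: compared as a signed value, 0x80000000 is negative
 * and therefore "less than 17". */
static int in_range_signed(uint32_t status)
{
    return (int32_t)status < (int32_t)ARRAY_SIZE(efr_status_names);
}

/* After: unsigned comparison against the array size, "unknown" otherwise. */
static const char *status_name(uint32_t status)
{
    if (status < ARRAY_SIZE(efr_status_names))
        return efr_status_names[status];
    return "unknown";
}

int main(void)
{
    /* Constructed sample values: in range, last valid, first invalid, extremes. */
    const uint32_t samples[] = { 0, 16, 17, EFR_STATUS_INCOMPLETE, UINT32_MAX };

    printf("unchecked, in-range only: %s\n", status_name_unchecked(samples[0]));
    for (size_t i = 0; i < ARRAY_SIZE(samples); i++)
        printf("0x%08x -> %-9s signed check passes: %d\n", (unsigned)samples[i],
               status_name(samples[i]), in_range_signed(samples[i]));
    return 0;
}
```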

Impact