Upstream information
Description
In the Linux kernel, the following vulnerability has been resolved:ALSA: ctxfi: Don't enumerate SPDIF1 at DAIO initialization
The recent refactoring of xfi driver changed the assignment of
atc->daios[] at atc_get_resources(); now it loops over all enum
DAIOTYP entries while it looped formerly only a part of them.
The problem is that the last entry, SPDIF1, is a special type that
is used only for hw20k1 CTSB073X model (as a replacement of SPDIFIO),
and there is no corresponding definition for hw20k2. Due to the lack
of the info, it caused a kernel crash on hw20k2, which was already
worked around by the commit b045ab3dff97 ("ALSA: ctxfi: Fix missing
SPDIFI1 index handling").
This patch addresses the root cause of the regression above properly,
simply by skipping the incorrect SPDIF1 type in the parser loop.
For making the change clearer, the code is slightly arranged, too.
SUSE information
Overall state of this security issue: Does not affect SUSE products
SUSE Bugzilla entry: 1264034 [NEW] No SUSE Security Announcements cross referenced.SUSE Timeline for this CVE
CVE page created: Tue May 5 13:22:18 2026CVE page last modified: Fri May 8 12:08:53 2026