ALSA: ctxfi: Limit PTP to a single page

MITRE NVD CVE.ORG JSON API Print: PDF PDF

Summary

CVECVE-2026-31602
StatePUBLISHED
AssignerLinux
Source PriorityCVE Program / NVD first with legacy fallback
Published2026-04-24 15:16:39 UTC
Updated2026-04-29 20:16:49 UTC
DescriptionIn the Linux kernel, the following vulnerability has been resolved: ALSA: ctxfi: Limit PTP to a single page Commit 391e69143d0a increased CT_PTP_NUM from 1 to 4 to support 256 playback streams, but the additional pages are not used by the card correctly. The CT20K2 hardware already has multiple VMEM_PTPAL registers, but using them separately would require refactoring the entire virtual memory allocation logic. ct_vm_map() always uses PTEs in vm->ptp[0].area regardless of CT_PTP_NUM. On AMD64 systems, a single PTP covers 512 PTEs (2M). When aggregate memory allocations exceed this limit, ct_vm_map() tries to access beyond the allocated space and causes a page fault: BUG: unable to handle page fault for address: ffffd4ae8a10a000 Oops: Oops: 0002 [#1] SMP PTI RIP: 0010:ct_vm_map+0x17c/0x280 [snd_ctxfi] Call Trace: atc_pcm_playback_prepare+0x225/0x3b0 ct_pcm_playback_prepare+0x38/0x60 snd_pcm_do_prepare+0x2f/0x50 snd_pcm_action_single+0x36/0x90 snd_pcm_action_nonatomic+0xbf/0xd0 snd_pcm_ioctl+0x28/0x40 __x64_sys_ioctl+0x97/0xe0 do_syscall_64+0x81/0x610 entry_SYSCALL_64_after_hwframe+0x76/0x7e Revert CT_PTP_NUM to 1. The 256 SRC_RESOURCE_NUM and playback_count remain unchanged.

Risk And Classification

Primary CVSS: v3.1 7.8 HIGH from 416baaa9-dc9f-4396-8d5f-8c081fb06d67

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS: 0.000180000 probability, percentile 0.048130000 (date 2026-04-27)

Problem Types: NVD-CWE-noinfo

VersionSourceTypeScoreSeverityVector
3.1416baaa9-dc9f-4396-8d5f-8c081fb06d67Secondary7.8HIGHCVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
3.1CNADECLARED7.8HIGHCVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CVSS v3.1 Breakdown

Attack Vector
Local
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

NVD Known Affected Configurations (CPE 2.3)

TypeVendorProductVersionUpdateEditionLanguage
Operating System Linux Linux Kernel All All All All

Vendor Declared Affected Products

SourceVendorProductVersionPlatforms
CNA Linux Linux affected 391e69143d0a05f960e3ab39a8c26b7b230bb8a9 452894005b4abe141b11fe01e7bfe152e6d3860f git Not specified
CNA Linux Linux affected 391e69143d0a05f960e3ab39a8c26b7b230bb8a9 365c36e1a126c6aa1aecedd3a351bcabc66f0c29 git Not specified
CNA Linux Linux affected 391e69143d0a05f960e3ab39a8c26b7b230bb8a9 3fd0685d7fef68c2d8a04876bcf9eaa0724ad6a5 git Not specified
CNA Linux Linux affected 391e69143d0a05f960e3ab39a8c26b7b230bb8a9 b7f5ecd13cce8c2f8fa5a84c9aab65997142577e git Not specified
CNA Linux Linux affected 391e69143d0a05f960e3ab39a8c26b7b230bb8a9 ad9011a795407093dcf507f6e5da1828987b4b47 git Not specified
CNA Linux Linux affected 391e69143d0a05f960e3ab39a8c26b7b230bb8a9 e9418da50d9e5c496c22fe392e4ad74c038a94eb git Not specified
CNA Linux Linux affected 3.2 Not specified
CNA Linux Linux unaffected 3.2 semver Not specified
CNA Linux Linux unaffected 6.6.136 6.6.* semver Not specified
CNA Linux Linux unaffected 6.12.83 6.12.* semver Not specified
CNA Linux Linux unaffected 6.18.24 6.18.* semver Not specified
CNA Linux Linux unaffected 6.19.14 6.19.* semver Not specified
CNA Linux Linux unaffected 7.0.1 7.0.* semver Not specified
CNA Linux Linux unaffected 7.1-rc1 * original_commit_for_fix Not specified

References

ReferenceSourceLinkTags
git.kernel.org/stable/c/b7f5ecd13cce8c2f8fa5a84c9aab65997142577e 416baaa9-dc9f-4396-8d5f-8c081fb06d67 git.kernel.org Patch
git.kernel.org/stable/c/452894005b4abe141b11fe01e7bfe152e6d3860f 416baaa9-dc9f-4396-8d5f-8c081fb06d67 git.kernel.org Patch
git.kernel.org/stable/c/365c36e1a126c6aa1aecedd3a351bcabc66f0c29 416baaa9-dc9f-4396-8d5f-8c081fb06d67 git.kernel.org Patch
git.kernel.org/stable/c/e9418da50d9e5c496c22fe392e4ad74c038a94eb 416baaa9-dc9f-4396-8d5f-8c081fb06d67 git.kernel.org Patch
git.kernel.org/stable/c/ad9011a795407093dcf507f6e5da1828987b4b47 416baaa9-dc9f-4396-8d5f-8c081fb06d67 git.kernel.org Patch
git.kernel.org/stable/c/3fd0685d7fef68c2d8a04876bcf9eaa0724ad6a5 416baaa9-dc9f-4396-8d5f-8c081fb06d67 git.kernel.org Patch
CVE Program record CVE.ORG www.cve.org canonical
NVD vulnerability detail NVD nvd.nist.gov canonical, analysis
© CVE.report 2026 |

Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.

CVE, CWE, and OVAL are registred trademarks of The MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. This site includes MITRE data granted under the following license.

Free CVE JSON API cve.report/api

CVE.report and Source URL Uptime Status status.cve.report