CVE-2026-31602

EUVD-2026-25495
In the Linux kernel, the following vulnerability has been resolved:

ALSA: ctxfi: Limit PTP to a single page

Commit 391e69143d0a increased CT_PTP_NUM from 1 to 4 to support 256
playback streams, but the additional pages are not used by the card
correctly. The CT20K2 hardware already has multiple VMEM_PTPAL
registers, but using them separately would require refactoring the
entire virtual memory allocation logic.

ct_vm_map() always uses PTEs in vm->ptp[0].area regardless of
CT_PTP_NUM. On AMD64 systems, a single PTP covers 512 PTEs (2M). When
aggregate memory allocations exceed this limit, ct_vm_map() tries to
access beyond the allocated space and causes a page fault:

  BUG: unable to handle page fault for address: ffffd4ae8a10a000
  Oops: Oops: 0002 [#1] SMP PTI
  RIP: 0010:ct_vm_map+0x17c/0x280 [snd_ctxfi]
  Call Trace:
  atc_pcm_playback_prepare+0x225/0x3b0
  ct_pcm_playback_prepare+0x38/0x60
  snd_pcm_do_prepare+0x2f/0x50
  snd_pcm_action_single+0x36/0x90
  snd_pcm_action_nonatomic+0xbf/0xd0
  snd_pcm_ioctl+0x28/0x40
  __x64_sys_ioctl+0x97/0xe0
  do_syscall_64+0x81/0x610
  entry_SYSCALL_64_after_hwframe+0x76/0x7e

Revert CT_PTP_NUM to 1. The 256 SRC_RESOURCE_NUM and playback_count
remain unchanged.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
7.8 HIGH
LOCAL
LOW
LOW
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 3%
Affected Products (NVD)
VendorProductVersion
linuxlinux_kernel
3.2 ≤
𝑥
< 6.6.136
linuxlinux_kernel
6.7 ≤
𝑥
< 6.12.83
linuxlinux_kernel
6.13 ≤
𝑥
< 6.18.24
linuxlinux_kernel
6.19 ≤
𝑥
< 6.19.14
linuxlinux_kernel
7.0 ≤
𝑥
< 7.0.1
𝑥
= Vulnerable software versions
openSUSE logo
openSUSE / SLES Releases
openSUSE Product
Release
cluster-md-kmp-default
suse enterprise server 12 SP5
4.12.14-122.310.1
fixed
suse enterprise server 15 SP6
6.4.0-150600.23.112.1
fixed
dlm-kmp-default
suse enterprise server 12 SP5
4.12.14-122.310.1
fixed
suse enterprise server 15 SP6
6.4.0-150600.23.112.1
fixed
gfs2-kmp-default
suse enterprise server 12 SP5
4.12.14-122.310.1
fixed
suse enterprise server 15 SP6
6.4.0-150600.23.112.1
fixed
kernel-64kb
suse enterprise server 15 SP4
5.14.21-150400.24.219.1
fixed
suse enterprise server 15 SP6
6.4.0-150600.23.112.1
fixed
kernel-default
suse enterprise server 12 SP5
4.12.14-122.310.1
fixed
suse enterprise server 15 SP4
5.14.21-150400.24.219.1
fixed
suse enterprise server 15 SP6
6.4.0-150600.23.112.1
fixed
kernel-default-base
suse enterprise server 12 SP5
4.12.14-122.310.1
fixed
suse enterprise server 15 SP4
5.14.21-150400.24.219.1.150400.24.110.2
fixed
suse enterprise server 15 SP6
6.4.0-150600.23.112.1.150600.12.52.1
fixed
kernel-default-man
suse enterprise server 12 SP5
4.12.14-122.310.1
fixed
kernel-docs
suse enterprise server 15 SP4
5.14.21-150400.24.219.1
fixed
suse enterprise server 15 SP6
6.4.0-150600.23.112.1
fixed
kernel-macros
suse enterprise server 12 SP5
4.12.14-122.310.1
fixed
suse enterprise server 15 SP4
5.14.21-150400.24.219.1
fixed
suse enterprise server 15 SP6
6.4.0-150600.23.112.1
fixed
kernel-obs-build
suse enterprise server 15 SP4
5.14.21-150400.24.219.1
fixed
suse enterprise server 15 SP6
6.4.0-150600.23.112.1
fixed
kernel-source
suse enterprise server 12 SP5
4.12.14-122.310.1
fixed
suse enterprise server 15 SP4
5.14.21-150400.24.219.1
fixed
suse enterprise server 15 SP6
6.4.0-150600.23.112.1
fixed
kernel-syms
suse enterprise server 12 SP5
4.12.14-122.310.1
fixed
suse enterprise server 15 SP4
5.14.21-150400.24.219.1
fixed
suse enterprise server 15 SP6
6.4.0-150600.23.112.1
fixed
kernel-zfcpdump
suse enterprise server 15 SP4
5.14.21-150400.24.219.1
fixed
suse enterprise server 15 SP6
6.4.0-150600.23.112.1
fixed
ocfs2-kmp-default
suse enterprise server 12 SP5
4.12.14-122.310.1
fixed
suse enterprise server 15 SP6
6.4.0-150600.23.112.1
fixed
reiserfs-kmp-default
suse enterprise server 15 SP4
5.14.21-150400.24.219.1
fixed
suse enterprise server 15 SP6
6.4.0-150600.23.112.1
fixed
Vulnerability Media Exposure
References
https://git.kernel.org/stable/c/2b4331c08c0b385598b4d8ccd71e93ab3f4b2578
https://git.kernel.org/stable/c/365c36e1a126c6aa1aecedd3a351bcabc66f0c29
https://git.kernel.org/stable/c/3fd0685d7fef68c2d8a04876bcf9eaa0724ad6a5
https://git.kernel.org/stable/c/452894005b4abe141b11fe01e7bfe152e6d3860f
https://git.kernel.org/stable/c/ad9011a795407093dcf507f6e5da1828987b4b47
https://git.kernel.org/stable/c/b7f5ecd13cce8c2f8fa5a84c9aab65997142577e
https://git.kernel.org/stable/c/c5908160e17cb56e1f61fbaee08adc21083f4933
https://git.kernel.org/stable/c/de8016fb0904d68ac886e375069535996baa42ee
https://git.kernel.org/stable/c/e9418da50d9e5c496c22fe392e4ad74c038a94eb