CVE-2025-38480 Information
Description
In the Linux kernel, the following vulnerability has been resolved:
comedi: Fix use of uninitialized data in insn_rw_emulate_bits()
For Comedi INSN_READ and INSN_WRITE instructions on "digital" subdevices (subdevice types COMEDI_SUBD_DI, COMEDI_SUBD_DO, and
COMEDI_SUBD_DIO) it is common for the subdevice driver not to have
insn_read and insn_write handler functions but to have an
insn_bits handler function for handling Comedi INSN_BITS
instructions. In that case the subdevice’s insn_read and/or
insn_write function handler pointers are set to point to the
insn_rw_emulate_bits() function by __comedi_device_postconfig().
For INSN_WRITE, insn_rw_emulate_bits() currently assumes that the
supplied data[0] value is a valid copy from user memory. It will at
least exist because do_insnlist_ioctl() and do_insn_ioctl() in
Reference
https://git.kernel.org/stable/c/10f9024a8c824a41827fff1fefefb314c98e2c88
https://git.kernel.org/stable/c/2af1e7d389c2619219171d23f5b96dbcbb7f9656
https://git.kernel.org/stable/c/3050d197d6bc9ef128944a70210f42d2430b3000
https://git.kernel.org/stable/c/3ab55ffaaf75d0c7b68e332c1cdcc1b0e0044870
https://git.kernel.org/stable/c/e9cb26291d009243a4478a7ffb37b3a9175bfce9
Related CNNVD
CNNVD-202507-3505 (Published: 2025-07-28)