Name of the Vulnerable Software and Affected Versions:

Linux kernel (affected versions not specified)

Description:

The Linux kernel contains a flaw in Comedi subdevice instruction handlers where data elements beyond the first `insn->n` elements may be accessed in certain cases. The `do insn ioctl()` and `do insnlist ioctl()` functions allocate memory, but do not fully initialize it. For instruction codes that write to the subdevice, uninitialized data could be read by the subdevice instruction handler. The issue is addressed by initializing the first `MIN SAMPLES` elements with 0 before calling these instruction handlers.

Recommendations:

At the moment, there is no information about a newer version that contains a fix for this vulnerability.