PT-2025-31076 · Linux+5 · Linux Kernel+5
Published
2025-07-07
·
Updated
2026-04-20
·
CVE-2025-38480
CVSS v3.1
5.5
Medium
| Vector | AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
Name of the Vulnerable Software and Affected Versions
Linux kernel (affected versions not specified)
Description
The
insn rw emulate bits() function within the Comedi subsystem does not properly handle cases where insn->n is 0 for INSN READ and INSN WRITE instructions. This can lead to the function accessing uninitialized data from data[0], potentially resulting in incorrect values being written to digital output channels or reflected in the channel's internal state. The issue occurs when insn read and insn write handler functions are not present for a subdevice, and the insn rw emulate bits() function is used as a fallback.Recommendations
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Exploit
Use of Uninitialized Resource
Access of Uninitialized Pointer
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Debian
Linuxmint
Linux Kernel
Red Os
Suse
Ubuntu