PT-2025-31077 · Linux +1 · Linux Kernel +1

Published 2025-07-04 · Updated 2025-07-28 · CVE-2025-38481

CVSS v2.0: 4.6
Vector: AV:L/AC:L/Au:S/C:N/I:N/A:C

Name of the Vulnerable Software and Affected Versions:

Linux kernel (affected versions not specified)

Description:

The handling of the `COMEDI_INSNLIST` ioctl allocates a kernel buffer to hold the array of `struct comedi_insn`, using the length from the `n_insns` member of the `struct comedi_insnlist` supplied by the user. The allocation can fail, resulting in a WARNING and a stack dump, if `n_insns` is too large. This issue is addressed by failing with an `-EINVAL` error if the supplied `n_insns` value is unreasonable. The limit on the `n_insns` value is defined by the `MAX_INSNS` macro, set to the same value as `MAX_SAMPLES` (65536).
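The check described above, as an added user-space model in C (not the kernel's own code). The `model_*` structures, `MODEL_ALLOC_LIMIT`, the `warned` flag standing in for the kernel WARNING, and the inclusive treatment of the limit are assumptions made for illustration.

```c
/* User-space model of the n_insns bounds check; not kernel code. */
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>

#define MAX_SAMPLES 65536                       /* value stated in the advisory */
#define MAX_INSNS   MAX_SAMPLES                 /* limit on n_insns, per the advisory */
#define MODEL_ALLOC_LIMIT ((size_t)4 << 20)     /* hypothetical allocator cap */

/* Simplified stand-ins for the comedi structures (layout is an assumption). */
struct model_insn { unsigned int insn, n, subdev, chanspec; unsigned int *data; };
struct model_insnlist { unsigned int n_insns; struct model_insn *insns; };

/* Refuses oversized requests and sets *warned, modelling the WARNING path. */
static void *model_alloc_array(size_t n, size_t size, int *warned)
{
    if (size != 0 && n > MODEL_ALLOC_LIMIT / size) {
        *warned = 1;
        return NULL;
    }
    return calloc(n ? n : 1, size);
}

/* Pre-fix behaviour: the user-supplied n_insns goes straight to the allocator. */
int insnlist_unchecked(const struct model_insnlist *il, int *warned)
{
    void *buf = model_alloc_array(il->n_insns, sizeof(struct model_insn), warned);
    if (!buf)
        return -ENOMEM;
    free(buf);                                  /* instruction handling omitted */
    return 0;
}

/* Post-fix behaviour: an unreasonable n_insns is rejected before allocating. */
int insnlist_checked(const struct model_insnlist *il, int *warned)
{
    if (il->n_insns > MAX_INSNS)                /* assumed inclusive limit */
        return -EINVAL;
    return insnlist_unchecked(il, warned);
}

int main(void)
{
    struct model_insnlist il = { 0xFFFFFFFFu, NULL };   /* constructed input */
    int warned = 0;
    int before = insnlist_unchecked(&il, &warned);
    int after = insnlist_checked(&il, &warned);
    printf("unchecked=%d warned=%d checked=%d\n", before, warned, after);
    return 0;
}
```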

Recommendations:

At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Buffer Overflow

Weakness Enumeration

Related Identifiers

BDU:2025-09179
CVE-2025-38481

Affected Products

Debian
Linux Kernel