Improper Data Initialization in Linux Kernel Affecting Comedi Subdevices
CVE-2025-38478
What is CVE-2025-38478?
This vulnerability in the Linux kernel affects the initialization of data for instructions that write to Comedi subdevices. Specifically, certain handlers do not properly initialize all data elements, potentially leading to the use of uninitialized data when these handlers are executed. This could cause unpredictable behavior or expose sensitive information when subdevice instructions are processed. The issue has been addressed by ensuring that the minimum required elements are initialized to zero before being used by the instruction handlers, thereby enhancing the overall robustness of the system.
Affected Version(s)
Linux ed9eccbe8970f6eedc1b978c157caf1251a896d4
Linux ed9eccbe8970f6eedc1b978c157caf1251a896d4 < 673ee92bd2d31055bca98a1d96b653f5284289c4
Linux ed9eccbe8970f6eedc1b978c157caf1251a896d4