Linux Kernel Vulnerability in Comedi Digital Input/Output Subdevices
CVE-2025-38480
What is CVE-2025-38480?
An issue in the Linux kernel affects Comedi digital input/output subdevices: uninitialized data could potentially be written or read, leading to an incorrect value being processed. The vulnerability occurs because the function handling INSN_WRITE does not check the size of its input, allowing erroneous or uninitialized data to propagate. The fix makes the function exit early when the instruction count is zero, which mitigates the risk of using invalid data and maintains the integrity of the digital channels.
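The following user-space model of the bug class described above is an added illustration, not code from the kernel or from the fix commits. The struct, the function names and the stale buffer value are hypothetical; the buffer is filled with a constructed pattern to stand in for uninitialized memory.

```c
#include <stdio.h>

/* Hypothetical user-space model; names are illustrative, not kernel code. */
enum { MODEL_INSN_READ, MODEL_INSN_WRITE };

struct model_insn {
    int insn;           /* MODEL_INSN_READ or MODEL_INSN_WRITE */
    unsigned int n;     /* instruction count: valid samples in data[] */
    unsigned int chan;  /* digital channel addressed */
};

static unsigned int dio_latch;  /* modelled output state, one bit per channel */

/* Before: data[0] drives the channel even when the caller supplied no samples. */
static int write_unchecked(const struct model_insn *insn, const unsigned int *data)
{
    unsigned int mask = 1U << insn->chan;

    if (insn->insn == MODEL_INSN_WRITE)
        dio_latch = (dio_latch & ~mask) | (data[0] ? mask : 0);
    return (int)insn->n;
}

/* After: a zero instruction count exits before data[] is touched. */
static int write_checked(const struct model_insn *insn, const unsigned int *data)
{
    if (insn->n == 0)
        return 0;
    return write_unchecked(insn, data);
}

/* Zero-length write on channel 3 over a stale buffer; returns the latch. */
static unsigned int zero_length_write(int use_fix)
{
    unsigned int stale[1] = { 0xA5A5A5A5u };  /* constructed stand-in for uninitialized memory */
    struct model_insn insn = { MODEL_INSN_WRITE, 0, 3 };

    dio_latch = 0;
    (use_fix ? write_checked : write_unchecked)(&insn, stale);
    return dio_latch;
}

int main(void)
{
    printf("unchecked: latch=0x%x\n", zero_length_write(0));
    printf("checked:   latch=0x%x\n", zero_length_write(1));
    return 0;
}
```

In the unchecked path the stale word flips channel 3 although the caller asked to write nothing; with the early return the latch is left untouched, and a normal one-sample write still goes through.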
Affected Version(s)
Linux ed9eccbe8970f6eedc1b978c157caf1251a896d4 < 3050d197d6bc9ef128944a70210f42d2430b3000
Linux ed9eccbe8970f6eedc1b978c157caf1251a896d4 < 10f9024a8c824a41827fff1fefefb314c98e2c88
Linux ed9eccbe8970f6eedc1b978c157caf1251a896d4 < 2af1e7d389c2619219171d23f5b96dbcbb7f9656