Buffer Allocation Error in Linux Kernel's COMEDI Peripheral Driver
CVE-2025-38481

Currently unrated

Key Information:

Vendor

Linux
Status
Linux
Vendor
CVE Published:
28 July 2025

What is CVE-2025-38481?

The Linux kernel's COMEDI driver has a vulnerability related to the COMEDI_INSNLIST ioctl functionality. When a user attempts to allocate a buffer for the struct comedi_insn array, a failure can occur if the n_insns member is set to an excessively high value. This results in an error message and a stack trace, which could potentially lead to instability within the kernel. To mitigate this issue, the kernel now checks the supplied n_insns value against a predefined limit, MAX_INSNS, which is set to 65536, the maximum count for comedi instructions. This change aims to prevent crashes and ensures sensible instructions are executed.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

Linux ed9eccbe8970f6eedc1b978c157caf1251a896d4 < 454d732dfd0aef7d7aa950c409215ca06d717e93

Linux ed9eccbe8970f6eedc1b978c157caf1251a896d4

Linux ed9eccbe8970f6eedc1b978c157caf1251a896d4 < 69dc06b9514522de532e997a21d035cd29b0db44

References

https://git.kernel.org/stable/c/454d732dfd0aef7d7aa950c40...
https://git.kernel.org/stable/c/c68257588e87f45530235701a...
https://git.kernel.org/stable/c/69dc06b9514522de532e997a2...

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.