Buffer Allocation Error in Linux Kernel's COMEDI Peripheral Driver
CVE-2025-38481

Currently unrated

Key Information:

Vendor: Linux

CVE Published: 28 July 2025

What is CVE-2025-38481?

The COMEDI driver in the Linux kernel has a vulnerability in its handling of the COMEDI_INSNLIST ioctl. The ioctl allocates a buffer for an array of struct comedi_insn, and that allocation can fail if the user-supplied n_insns member is set to an excessively high value. The failure results in an error message and a stack trace, which could potentially lead to instability within the kernel. To mitigate this issue, the kernel now checks the supplied n_insns value against a predefined limit, MAX_INSNS, which is set to 65536, the maximum count for comedi instructions. This change aims to prevent crashes and to ensure that sensible instructions are executed.
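An added example, not the kernel's own code: a userspace C model of the check described above, contrasting a handler path that passes n_insns straight to the allocator with one that rejects values above MAX_INSNS first. The struct layouts, function names, the allocator cap and the -EINVAL/-ENOMEM return values are assumptions for illustration; only n_insns and MAX_INSNS = 65536 come from the page.

```c
#include <errno.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

#define MAX_INSNS 65536u              /* limit named on the page */
#define MODEL_ALLOC_CAP (4u << 20)    /* hypothetical cap standing in for the kernel allocator's limit */

/* Simplified stand-ins for the kernel structures (assumed layout). */
struct model_insn { uint32_t insn, n; uint32_t *data; uint32_t subdev, chanspec; };
struct model_insnlist { uint32_t n_insns; struct model_insn *insns; };

static unsigned alloc_warnings;       /* counts modelled "error message + stack trace" events */
unsigned model_alloc_warnings(void) { return alloc_warnings; }

/* Model allocator: oversized requests fail loudly instead of being served. */
static void *model_alloc_array(size_t n, size_t size)
{
    if (size && n > MODEL_ALLOC_CAP / size) {
        alloc_warnings++;
        return NULL;
    }
    return calloc(n ? n : 1, size);
}

/* Before the fix: the user-controlled count reaches the allocator unchecked. */
int insnlist_unchecked(const struct model_insnlist *il)
{
    struct model_insn *insns = model_alloc_array(il->n_insns, sizeof(*insns));
    if (!insns)
        return -ENOMEM;
    free(insns);                      /* a real handler would copy in and run the list here */
    return 0;
}

/* After the fix: out-of-range counts are rejected before any allocation. */
int insnlist_checked(const struct model_insnlist *il)
{
    if (il->n_insns > MAX_INSNS)      /* assumed: exactly MAX_INSNS is still accepted */
        return -EINVAL;
    return insnlist_unchecked(il);
}

int main(void)
{
    struct model_insnlist huge = { 0xFFFFFFFFu, NULL };   /* constructed hostile input */
    printf("unchecked: %d, warnings: %u\n", insnlist_unchecked(&huge), model_alloc_warnings());
    printf("checked:   %d, warnings: %u\n", insnlist_checked(&huge), model_alloc_warnings());
    return 0;
}
```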

Affected Version(s)

Linux ed9eccbe8970f6eedc1b978c157caf1251a896d4

Linux ed9eccbe8970f6eedc1b978c157caf1251a896d4 < 992d600f284e719242a434166e86c1999649b71c
