CVE-2025-38478— comedi: Fix initialization of data for instructions that write to subdevice
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2025-38478
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
comedi: Fix initialization of data for instructions that write to subdevice
Source: NVD (National Vulnerability Database)
Vulnerability Description
In the Linux kernel, the following vulnerability has been resolved: comedi: Fix initialization of data for instructions that write to subdevice Some Comedi subdevice instruction handlers are known to access instruction data elements beyond the first `insn->n` elements in some cases. The `do_insn_ioctl()` and `do_insnlist_ioctl()` functions allocate at least `MIN_SAMPLES` (16) data elements to deal with this, but they do not initialize all of that. For Comedi instruction codes that write to the subdevice, the first `insn->n` data elements are copied from user-space, but the remaining elements are left uninitialized. That could be a problem if the subdevice instruction handler reads the uninitialized data. Ensure that the first `MIN_SAMPLES` elements are initialized before calling these instruction handlers, filling the uncopied elements with 0. For `do_insnlist_ioctl()`, the same data buffer elements are used for handling a list of instructions, so ensure the first `MIN_SAMPLES` elements are initialized for each instruction that writes to the subdevice.
Source: NVD (National Vulnerability Database)
CVSS Information
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Type
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Title
Linux kernel 安全漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Linux kernel是美国Linux基金会的开源操作系统Linux所使用的内核。 Linux kernel存在安全漏洞,该漏洞源于未初始化指令数据,可能导致无效访问。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
II. Public POCs for CVE-2025-38478
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2025-38478
请登录查看更多情报信息。
Same Patch Batch · Linux · 2025-07-28 · 29 CVEs total
| CVE-2025-38484 | iio: backend: fix out-of-bound write | |
| CVE-2025-38497 | usb: gadget: configfs: Fix OOB read on empty string write | |
| CVE-2025-38496 | dm-bufio: fix sched in atomic context | |
| CVE-2025-38495 | HID: core: ensure the allocated report buffer can contain the reserved report ID | |
| CVE-2025-38494 | HID: core: do not bypass hid_hw_raw_request | |
| CVE-2025-38493 | tracing/osnoise: Fix crash in timerlat_dump_stack() | |
| CVE-2025-38492 | netfs: Fix race between cache write completion and ALL_QUEUED being set | |
| CVE-2025-38491 | mptcp: make fallback action and fallback decision atomic | |
| CVE-2025-38490 | net: libwx: remove duplicate page_pool_put_full_page() | |
| CVE-2025-38489 | s390/bpf: Fix bpf_arch_text_poke() with new_addr == NULL again | |
| CVE-2025-38488 | smb: client: fix use-after-free in crypt_message when using async crypto | |
| CVE-2025-38487 | soc: aspeed: lpc-snoop: Don't disable channels that aren't enabled | |
| CVE-2025-38485 | iio: accel: fxls8962af: Fix use after free in fxls8962af_fifo_flush | |
| CVE-2025-38486 | soundwire: Revert "soundwire: qcom: Add set_channel_map api support" | |
| CVE-2025-38468 | net/sched: Return NULL when htb_lookup_leaf encounters an empty rbtree | |
| CVE-2025-38483 | comedi: das16m1: Fix bit shift out of bounds | |
| CVE-2025-38482 | comedi: das6402: Fix bit shift out of bounds | |
| CVE-2025-38481 | comedi: Fail COMEDI_INSNLIST ioctl if n_insns is too large | |
| CVE-2025-38480 | comedi: Fix use of uninitialized data in insn_rw_emulate_bits() | |
| CVE-2025-38477 | net/sched: sch_qfq: Fix race condition on qfq_aggregate |
Showing top 20 of 29 CVEs. View all on vendor page → →
IV. Related Vulnerabilities
Same product: Linux
- CVE-2026-43500
rxrpc: Also unshare DATA/RESPONSE packets when paged frags a - CVE-2026-43475
scsi: storvsc: Fix scheduling while atomic on PREEMPT_RT - CVE-2026-43474
fs: init flags_valid before calling vfs_fileattr_get - CVE-2026-43473
scsi: mpi3mr: Add NULL checks when resetting request and rep - CVE-2026-43472
unshare: fix unshare_fs() handling
Same vendor: Linux
- CVE-2026-43500
rxrpc: Also unshare DATA/RESPONSE packets when paged frags a - CVE-2026-43475
scsi: storvsc: Fix scheduling while atomic on PREEMPT_RT - CVE-2026-43474
fs: init flags_valid before calling vfs_fileattr_get - CVE-2026-43473
scsi: mpi3mr: Add NULL checks when resetting request and rep - CVE-2026-43472
unshare: fix unshare_fs() handling
V. Comments for CVE-2025-38478
No comments yet