CVE-2025-38481
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2025-07-28

Last updated on: 2025-11-03

Assigner: kernel.org

Description
In the Linux kernel, the following vulnerability has been resolved: comedi: Fail COMEDI_INSNLIST ioctl if n_insns is too large The handling of the `COMEDI_INSNLIST` ioctl allocates a kernel buffer to hold the array of `struct comedi_insn`, getting the length from the `n_insns` member of the `struct comedi_insnlist` supplied by the user. The allocation will fail with a WARNING and a stack dump if it is too large. Avoid that by failing with an `-EINVAL` error if the supplied `n_insns` value is unreasonable. Define the limit on the `n_insns` value in the `MAX_INSNS` macro. Set this to the same value as `MAX_SAMPLES` (65536), which is the maximum allowed sum of the values of the member `n` in the array of `struct comedi_insn`, and sensible comedi instructions will have an `n` of at least 1.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-07-28
Last Modified
2025-11-03
Generated
2026-05-07
AI Q&A
2025-07-28
EPSS Evaluated
2026-05-05
NVD
CVE-2025-38481
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
linux linux_kernel *
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-UNKNOWN
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?

This vulnerability involves the Linux kernel's handling of the COMEDI_INSNLIST ioctl. When a user supplies a very large value for the number of instructions (n_insns) in a comedi_insnlist structure, the kernel attempts to allocate a buffer that is too large, which can cause a failure with a warning and stack dump. The fix is to reject unreasonable n_insns values by returning an -EINVAL error, preventing the kernel from attempting to allocate excessively large buffers.


How can this vulnerability impact me? :

If exploited, this vulnerability could cause the Linux kernel to fail when handling certain ioctl calls, potentially leading to kernel warnings and stack dumps. This could result in denial of service or instability in systems using the COMEDI driver, affecting system reliability.


What immediate steps should I take to mitigate this vulnerability?

Update the Linux kernel to a version where the comedi subsystem properly validates the n_insns value in the COMEDI_INSNLIST ioctl, ensuring it fails with -EINVAL if the value is too large. This prevents kernel buffer allocation failures and stack dumps caused by unreasonable n_insns values.


Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70
EPSS Chart