CVE-2025-39686
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2025-09-05

Last updated on: 2025-11-03

Assigner: kernel.org

Description
In the Linux kernel, the following vulnerability has been resolved: comedi: Make insn_rw_emulate_bits() do insn->n samples The `insn_rw_emulate_bits()` function is used as a default handler for `INSN_READ` instructions for subdevices that have a handler for `INSN_BITS` but not for `INSN_READ`. Similarly, it is used as a default handler for `INSN_WRITE` instructions for subdevices that have a handler for `INSN_BITS` but not for `INSN_WRITE`. It works by emulating the `INSN_READ` or `INSN_WRITE` instruction handling with a constructed `INSN_BITS` instruction. However, `INSN_READ` and `INSN_WRITE` instructions are supposed to be able read or write multiple samples, indicated by the `insn->n` value, but `insn_rw_emulate_bits()` currently only handles a single sample. For `INSN_READ`, the comedi core will copy `insn->n` samples back to user-space. (That triggered KASAN kernel-infoleak errors when `insn->n` was greater than 1, but that is being fixed more generally elsewhere in the comedi core.) Make `insn_rw_emulate_bits()` either handle `insn->n` samples, or return an error, to conform to the general expectation for `INSN_READ` and `INSN_WRITE` handlers.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-09-05
Last Modified
2025-11-03
Generated
2026-06-16
AI Q&A
2025-09-05
EPSS Evaluated
2026-06-14
NVD
CVE-2025-39686
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
linux linux_kernel 6.1.153-1
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-UNKNOWN
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability involves the Linux kernel's comedi subsystem, specifically the insn_rw_emulate_bits() function. This function is intended to handle INSN_READ and INSN_WRITE instructions by emulating them with INSN_BITS instructions. However, it only processes a single sample instead of multiple samples as expected (indicated by insn->n). This mismatch can cause errors such as kernel information leaks when multiple samples are read or written, because the function does not properly handle the number of samples requested.

Impact Analysis

The vulnerability can lead to kernel information leaks due to improper handling of multiple samples in INSN_READ and INSN_WRITE instructions. This could potentially expose sensitive kernel memory information or cause instability in the system when interacting with affected comedi subdevices.

Mitigation Strategies

The vulnerability has been resolved by updating the Linux kernel's comedi driver to make the insn_rw_emulate_bits() function properly handle multiple samples as expected, or return an error. Immediate mitigation would involve updating your Linux kernel to a version that includes this fix.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-39686. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart