CVE-2026-31750
Memory Leak in Linux Kernel Comedi Subsystem
Publication date: 2026-05-01
Last updated on: 2026-05-01
Assigner: kernel.org
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| comedi | comedi | * |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-UNKNOWN |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability exists in the Linux kernel's comedi driver. It involves a memory leak caused by improper handling of a command's runflags during an exceptional exit case in the function do_cmd_ioctl(). Specifically, when runflags is not set, the chanlist memory is not properly freed by the function do_become_nonbusy(), leading to a memory leak.
The issue arose because a commit that added reference counting for Comedi command handling did not consider the case where runflags was unset, causing the chanlist to remain allocated and not reclaimed.
The fix involved adding a check in do_become_nonbusy() to properly free the chanlist memory even when runflags is not set.
How can this vulnerability impact me? :
This vulnerability can lead to a memory leak in systems using the comedi driver in the Linux kernel. Over time, the unreclaimed memory could accumulate, potentially causing increased memory usage, degraded system performance, or even system instability or crashes if memory exhaustion occurs.
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability involves a memory leak in the Linux kernel's comedi driver due to improper freeing of chanlist memory when runflags is not set.
Detection would typically involve monitoring for memory leaks or unusual memory usage patterns related to the comedi driver.
Since no specific detection commands or tools are provided in the available information, general Linux memory debugging tools such as 'dmesg' to check kernel logs for BUG messages, or using tools like 'valgrind' or kernel memory leak detectors might help identify symptoms.
However, no explicit commands or detection methods are detailed in the provided data.
What immediate steps should I take to mitigate this vulnerability?
The vulnerability has been resolved by adding a check in the do_become_nonbusy() function to properly free the chanlist memory even when runflags is not set.
Immediate mitigation steps would include updating the Linux kernel to a version that contains the fix for this issue.
No other specific mitigation steps or workarounds are provided in the available information.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
The provided information does not include any details about the impact of this vulnerability on compliance with common standards and regulations such as GDPR or HIPAA.