CVE-2026-31751
Kernel Crash in Comedi DT2815 Driver Due to Missing Hardware Detection
Publication date: 2026-05-01
Last updated on: 2026-05-01
Assigner: kernel.org
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| comedi | dt2815 | * |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-UNKNOWN |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability exists in the Linux kernel's dt2815 driver, which is part of the comedi subsystem. The driver crashes when it is attached to I/O ports where no actual hardware is present.
The issue arises because users or tools like syzkaller can attach the driver to arbitrary I/O addresses using the COMEDI_DEVCONFIG ioctl. When no hardware exists at the specified port, reading from the port returns 0xff (indicating a floating bus), but writing to the port can cause page faults due to undefined behavior, especially under race conditions.
The fix involves adding hardware detection by reading the status register before any write operations. If the read returns 0xff, the driver assumes no hardware is present and fails the attach operation, preventing crashes caused by outb() operations on non-existent hardware.
How can this vulnerability impact me? :
This vulnerability can cause the Linux kernel to crash when the dt2815 driver is attached to I/O ports without actual hardware. Such crashes can lead to system instability or denial of service.
If an attacker or a faulty process attaches the driver to arbitrary I/O addresses, it could trigger kernel page faults, potentially disrupting normal system operations.
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability occurs when the dt2815 driver is attached to I/O ports without actual hardware present, causing crashes due to outb() operations triggering page faults.
Detection can involve monitoring for kernel crash messages related to the dt2815 driver, such as page faults with messages like:
- BUG: unable to handle page fault for address: 000000007fffff90
- #PF: supervisor write access in kernel mode
- RIP: 0010:dt2815_attach+0x6e0/0x1110
You can check if the dt2815 driver is loaded and attached to any devices by running commands like:
- lsmod | grep dt2815
- dmesg | grep dt2815
- cat /proc/ioports | grep dt2815
Since the vulnerability involves attaching the driver to arbitrary I/O ports via COMEDI_DEVCONFIG ioctl, monitoring for unusual ioctl calls or usage of the comedi driver may also help detect attempts to exploit this issue.
What immediate steps should I take to mitigate this vulnerability?
The vulnerability has been resolved by adding hardware detection in the dt2815 driver to prevent crashes when no hardware is present.
Immediate mitigation steps include:
- Update the Linux kernel to a version that includes the fix for this vulnerability, which adds hardware detection by reading the status register before write operations.
- Avoid attaching the dt2815 driver to I/O ports where no actual hardware exists.
- Monitor system logs for crash messages related to dt2815 and investigate any suspicious activity involving the COMEDI_DEVCONFIG ioctl.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
The provided information does not include any details about the impact of this vulnerability on compliance with common standards and regulations such as GDPR or HIPAA.