CVE-2026-31750
N/A
Summary
In the Linux kernel, the following vulnerability has been resolved:
comedi: runflags cannot determine whether to reclaim chanlist
syzbot reported a memory leak [1], because commit 4e1da516debb ("comedi: Add reference counting for Comedi command handling") did not consider the exceptional exit case in do_cmd_ioctl() where runflags is not set. This caused chanlist not to be properly freed by do_become_nonbusy(), as it only frees chanlist when runflags is correctly set.
Added a check in do_become_nonbusy() for the case where runflags is not set, to properly free the chanlist memory.
[1] BUG: memory leak backtrace (crc 844a0efa): __comedi_get_user_chanlist drivers/comedi/comedi_fops.c:1815 [inline] do_cmd_ioctl.part.0+0x112/0x350 drivers/comedi/comedi_fops.c:1890 do_cmd_ioctl drivers/comedi/comedi_fops.c:1858 [inline]
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Linux | Linux | 4e1da516debbe6a573ffa0392e2809d180d0575c < 830c848aba9f047eb6b34288975ebeb8e8621451 | affected |
| Linux | Linux | 4e1da516debbe6a573ffa0392e2809d180d0575c < 29f644f14b89e6c4965e3c89251929e451190a66 | affected |
| Linux | Linux | 6.19 | affected |
| Linux | Linux | 0 < 6.19 | unaffected |
| Linux | Linux | 6.19.12 <= 6.19.* | unaffected |
| Linux | Linux | 7.0 <= * | unaffected |
Weaknesses
References
- https://git.kernel.org/stable/c/830c848aba9f047eb6b34288975ebeb8e8621451
- https://git.kernel.org/stable/c/29f644f14b89e6c4965e3c89251929e451190a66
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.