-
CVE-2025-39686
- EPSS 0.04%
- Published 05.09.2025 17:20:53
- Last modified 08.09.2025 16:25:38
- Source 416baaa9-dc9f-4396-8d5f-8c081f
- Teams watchlist Login
- Open Login
In the Linux kernel, the following vulnerability has been resolved: comedi: Make insn_rw_emulate_bits() do insn->n samples The `insn_rw_emulate_bits()` function is used as a default handler for `INSN_READ` instructions for subdevices that have a handler for `INSN_BITS` but not for `INSN_READ`. Similarly, it is used as a default handler for `INSN_WRITE` instructions for subdevices that have a handler for `INSN_BITS` but not for `INSN_WRITE`. It works by emulating the `INSN_READ` or `INSN_WRITE` instruction handling with a constructed `INSN_BITS` instruction. However, `INSN_READ` and `INSN_WRITE` instructions are supposed to be able read or write multiple samples, indicated by the `insn->n` value, but `insn_rw_emulate_bits()` currently only handles a single sample. For `INSN_READ`, the comedi core will copy `insn->n` samples back to user-space. (That triggered KASAN kernel-infoleak errors when `insn->n` was greater than 1, but that is being fixed more generally elsewhere in the comedi core.) Make `insn_rw_emulate_bits()` either handle `insn->n` samples, or return an error, to conform to the general expectation for `INSN_READ` and `INSN_WRITE` handlers.
Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD
This information is available to logged-in users. Login
Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).
VendorLinux
≫
Product
Linux
Default Statusunaffected
Version <
ab77e85bd3bc006ef40738f26f446a660813da44
Version
ed9eccbe8970f6eedc1b978c157caf1251a896d4
Status
affected
Version <
ae8bc1f07bcb31b8636420e03d1f9c3df6219a2b
Version
ed9eccbe8970f6eedc1b978c157caf1251a896d4
Status
affected
Version <
842f307a1d115b24f2bcb2415c4e344f11f55930
Version
ed9eccbe8970f6eedc1b978c157caf1251a896d4
Status
affected
Version <
92352ed2f9ac422181e381c2430c2d0dfb46faa0
Version
ed9eccbe8970f6eedc1b978c157caf1251a896d4
Status
affected
Version <
dc0a2f142d655700db43de90cb6abf141b73d908
Version
ed9eccbe8970f6eedc1b978c157caf1251a896d4
Status
affected
Version <
7afba9221f70d4cbce0f417c558879cba0eb5e66
Version
ed9eccbe8970f6eedc1b978c157caf1251a896d4
Status
affected
VendorLinux
≫
Product
Linux
Default Statusaffected
Version
2.6.29
Status
affected
Version <
2.6.29
Version
0
Status
unaffected
Version <=
5.15.*
Version
5.15.190
Status
unaffected
Version <=
6.1.*
Version
6.1.149
Status
unaffected
Version <=
6.6.*
Version
6.6.103
Status
unaffected
Version <=
6.12.*
Version
6.12.44
Status
unaffected
Version <=
6.16.*
Version
6.16.4
Status
unaffected
Version <=
*
Version
6.17-rc3
Status
unaffected
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
| Type | Source | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.04% | 0.092 |
| Source | Base Score | Exploit Score | Impact Score | Vector string |
|---|