4.7
CVE-2026-31751
- EPSS 0.09%
- Veröffentlicht 01.05.2026 14:14:43
- Zuletzt bearbeitet 07.05.2026 19:11:00
- Quelle 416baaa9-dc9f-4396-8d5f-8c081f
- CVE-Watchlists
- Unerledigt
comedi: dt2815: add hardware detection to prevent crash
In the Linux kernel, the following vulnerability has been resolved: comedi: dt2815: add hardware detection to prevent crash The dt2815 driver crashes when attached to I/O ports without actual hardware present. This occurs because syzkaller or users can attach the driver to arbitrary I/O addresses via COMEDI_DEVCONFIG ioctl. When no hardware exists at the specified port, inb() operations return 0xff (floating bus), but outb() operations can trigger page faults due to undefined behavior, especially under race conditions: BUG: unable to handle page fault for address: 000000007fffff90 #PF: supervisor write access in kernel mode #PF: error_code(0x0002) - not-present page RIP: 0010:dt2815_attach+0x6e0/0x1110 Add hardware detection by reading the status register before attempting any write operations. If the read returns 0xff, assume no hardware is present and fail the attach with -ENODEV. This prevents crashes from outb() operations on non-existent hardware.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Linux ≫ Linux Kernel Version >= 2.6.30 < 5.10.253
Linux ≫ Linux Kernel Version >= 5.11 < 5.15.203
Linux ≫ Linux Kernel Version >= 5.16 < 6.1.168
Linux ≫ Linux Kernel Version >= 6.2 < 6.6.134
Linux ≫ Linux Kernel Version >= 6.7 < 6.12.81
Linux ≫ Linux Kernel Version >= 6.13 < 6.18.22
Linux ≫ Linux Kernel Version >= 6.19 < 6.19.12
Linux ≫ Linux Kernel Version7.0 Updaterc1
Linux ≫ Linux Kernel Version7.0 Updaterc2
Linux ≫ Linux Kernel Version7.0 Updaterc3
Linux ≫ Linux Kernel Version7.0 Updaterc4
Linux ≫ Linux Kernel Version7.0 Updaterc5
Linux ≫ Linux Kernel Version7.0 Updaterc6
VulnDex Vulnerability Enrichment
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.09% | 0.006 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 4.7 | 1 | 3.6 |
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
|
CWE-362 Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
The product contains a concurrent code sequence that requires temporary, exclusive access to a shared resource, but a timing window exists in which the shared resource can be modified by another code sequence operating concurrently.
https://git.kernel.org/stable/c/8d63161837f1bf8810dbcd2a583c2bbf5ca6d733
https://git.kernel.org/stable/c/d2a786efdb9971f2a647724625da5bbecc994dc9
https://git.kernel.org/stable/c/0dcf33994b8dcf3db36530fb7e2cf9f89e5cbac3
https://git.kernel.org/stable/c/d5d9df8b08d68d083ac57abc2c887dfb1f31af63
https://git.kernel.org/stable/c/65c528fbeddd88478c210052f6c7b21be4973156
https://git.kernel.org/stable/c/34c8b3a91bdfbe4573650b4cd750ef639101fdc5
https://git.kernel.org/stable/c/34b13250c618d7441508c6ef369144aa8a9b9bfa
https://git.kernel.org/stable/c/93853512f565e625df2397f0d8050d6aafd7c3ad