Description:
In the Linux kernel, the following vulnerability has been resolved:

comedi: Fix use of uninitialized data in insn_rw_emulate_bits()

For Comedi `INSN_READ` and `INSN_WRITE` instructions on "digital" subdevices (subdevice types `COMEDI_SUBD_DI`, `COMEDI_SUBD_DO`, and `COMEDI_SUBD_DIO`), it is common for the subdevice driver not to have `insn_read` and `insn_write` handler functions, but to have an `insn_bits` handler function for handling Comedi `INSN_BITS` instructions. In that case, the subdevice's `insn_read` and/or `insn_write` function handler pointers are set to point to the `insn_rw_emulate_bits()` function by `__comedi_device_postconfig()`.

For `INSN_WRITE`, `insn_rw_emulate_bits()` currently assumes that the supplied `data[0]` value is a valid copy from user memory. It will at least exist because `do_insnlist_ioctl()` and `do_insn_ioctl()` in "comedi_fops.c" ensure at least `MIN_SAMPLES` (16) elements are allocated. However, if `insn->n` is 0 (which is allowable for `INSN_READ` and `INSN_WRITE` instructions), then `data[0]` may contain uninitialized data, and certainly contains invalid data, possibly from a different instruction in the array of instructions handled by `do_insnlist_ioctl()`. This will result in an incorrect value being written to the digital output channel (or to the digital input/output channel if configured as an output), and may be reflected in the internal saved state of the channel.

Fix it by returning 0 early if `insn->n` is 0, before reaching the code that accesses `data[0]`. Previously, the function always returned 1 on success, but it is supposed to be the number of data samples actually read or written up to `insn->n`, which is 0 in this case.
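
The failure mode described above, reduced to a user-space C model (an added example, not the kernel's code or the upstream patch). `emulate_bits()`, `model_insn_bits()`, `do_state` and the enum values are hypothetical stand-ins, and the `0xA5` fill is a constructed stale buffer standing in for leftover data from an earlier instruction.

```c
#include <stdio.h>
#include <string.h>
#define MIN_SAMPLES 16          /* buffer size named in the description */
enum { INSN_READ, INSN_WRITE }; /* model values, not the kernel's encodings */
struct insn { int insn; unsigned int n, chan; };
static unsigned int do_state;   /* modelled saved state of the output channels */

/* Stand-in for a driver's insn_bits handler: data[0] = mask, data[1] = bits. */
static void model_insn_bits(unsigned int *data)
{
	do_state = (do_state & ~data[0]) | (data[1] & data[0]);
	data[1] = do_state;
}

/* Emulate INSN_READ/INSN_WRITE via insn_bits; 'fixed' selects the patched path. */
static int emulate_bits(const struct insn *insn, unsigned int *data, int fixed)
{
	unsigned int bits[2] = { 0, 0 };

	if (fixed && insn->n == 0)
		return 0;	/* no sample was copied in, so none is written */
	if (insn->insn == INSN_WRITE) {
		bits[0] = 1U << insn->chan;			/* mask */
		bits[1] = data[0] ? 1U << insn->chan : 0;	/* data[0] may be stale */
	}
	model_insn_bits(bits);
	if (insn->insn == INSN_READ)
		data[0] = (bits[1] >> insn->chan) & 1;
	return 1;		/* unpatched path reports 1 sample even when n == 0 */
}

/* Zero-length write to channel 3 with a constructed stale buffer. */
static int run_zero_length_write(int fixed)
{
	unsigned int data[MIN_SAMPLES];
	struct insn w = { INSN_WRITE, 0, 3 };

	memset(data, 0xA5, sizeof(data));	/* nothing copied from the caller */
	do_state = 0;
	return emulate_bits(&w, data, fixed);
}

int main(void)
{
	int r = run_zero_length_write(0);
	printf("unpatched: ret=%d state=0x%x\n", r, do_state);
	r = run_zero_length_write(1);
	printf("patched:   ret=%d state=0x%x\n", r, do_state);
	return 0;
}
```

In the model, the unpatched path drives channel 3 high from stale buffer contents and reports one sample written, while the patched path returns 0 and leaves the saved state untouched.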
CVSS3: 5.5

| OS | Vendor version | Errata |
|---|---|---|
| Oracle Linux 7 UEK 6 | 5.4.17-2136.348.3.el7uek | ELSA-2025-20663 |
| Oracle Linux 8 UEK 6 | 5.4.17-2136.348.3.el8uek | ELSA-2025-20663 |
| Debian 11 | 5.10.244-1 | DLA-4327-1 |
| Ubuntu 22.04 | 5.15.0-163.173 | USN-7909-1 |
| Ubuntu 22.04 AWS | 5.15.0-1097.104 | USN-7909-1 |
| Debian 11 cloud | 5.10.244-1 | DLA-4327-1 |
| Debian 12 | 6.1.147-1 | DSA-5973-1 |

| OS | Original kernel version | State |
|---|---|---|
| Oracle Linux 7 UEK 6 | | Released |
| Oracle Linux 8 UEK 6 | | Released |
| Debian 11 | | Planned |
| Ubuntu 22.04 | | Planned |
| Ubuntu 22.04 AWS | | Planned |
| Debian 11 cloud | | Planned |
| Debian 12 | | In Progress |