CVE-2025-39686
- Source
- https://nvd.nist.gov/vuln/detail/CVE-2025-39686
- Import Source
- https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-39686.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/CVE-2025-39686
- Downstream
- Related
- Published
- 2025-09-05T17:20:53.071Z
- Modified
- 2025-11-28T02:35:30.331163Z
- Summary
- comedi: Make insn_rw_emulate_bits() do insn->n samples
- Details
-
In the Linux kernel, the following vulnerability has been resolved:
comedi: Make insnrwemulate_bits() do insn->n samples
The
insn_rw_emulate_bits()function is used as a default handler forINSN_READinstructions for subdevices that have a handler forINSN_BITSbut not forINSN_READ. Similarly, it is used as a default handler forINSN_WRITEinstructions for subdevices that have a handler forINSN_BITSbut not forINSN_WRITE. It works by emulating theINSN_READorINSN_WRITEinstruction handling with a constructedINSN_BITSinstruction. However,INSN_READandINSN_WRITEinstructions are supposed to be able read or write multiple samples, indicated by theinsn->nvalue, butinsn_rw_emulate_bits()currently only handles a single sample. ForINSN_READ, the comedi core will copyinsn->nsamples back to user-space. (That triggered KASAN kernel-infoleak errors wheninsn->nwas greater than 1, but that is being fixed more generally elsewhere in the comedi core.)Make
insn_rw_emulate_bits()either handleinsn->nsamples, or return an error, to conform to the general expectation forINSN_READandINSN_WRITEhandlers. - Database specific
{ "cna_assigner": "Linux", "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/39xxx/CVE-2025-39686.json" }- References
-
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- https://git.kernel.org/stable/c/7afba9221f70d4cbce0f417c558879cba0eb5e66
- https://git.kernel.org/stable/c/842f307a1d115b24f2bcb2415c4e344f11f55930
- https://git.kernel.org/stable/c/92352ed2f9ac422181e381c2430c2d0dfb46faa0
- https://git.kernel.org/stable/c/ab77e85bd3bc006ef40738f26f446a660813da44
- https://git.kernel.org/stable/c/ae8bc1f07bcb31b8636420e03d1f9c3df6219a2b
- https://git.kernel.org/stable/c/dc0a2f142d655700db43de90cb6abf141b73d908
- https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/39xxx/CVE-2025-39686.json
- https://lists.debian.org/debian-lts-announce/2025/10/msg00008.html
- https://nvd.nist.gov/vuln/detail/CVE-2025-39686
Affected packages
Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Affected ranges
- Type
- GIT
- Repo
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- Events
-
Introduceded9eccbe8970f6eedc1b978c157caf1251a896d4Fixedab77e85bd3bc006ef40738f26f446a660813da44Fixedae8bc1f07bcb31b8636420e03d1f9c3df6219a2bFixed842f307a1d115b24f2bcb2415c4e344f11f55930Fixed92352ed2f9ac422181e381c2430c2d0dfb46faa0Fixeddc0a2f142d655700db43de90cb6abf141b73d908Fixed7afba9221f70d4cbce0f417c558879cba0eb5e66