Fixed
Created: Jul 28, 2025
Updated: Sep 1, 2025
Resolved Date: Jul 29, 2025
Found In Version: 10.25.33.1
Severity: Standard
Applicable for: Wind River Linux LTS 25
Component/s: Kernel
In the Linux kernel, the following vulnerability has been resolved:EOL][EOL]comedi: Fix initialization of data for instructions that write to subdevice[EOL][EOL]Some Comedi subdevice instruction handlers are known to access[EOL]instruction data elements beyond the first `insn->n` elements in some[EOL]cases. The `do_insn_ioctl()` and `do_insnlist_ioctl()` functions[EOL]allocate at least `MIN_SAMPLES` (16) data elements to deal with this,[EOL]but they do not initialize all of that. For Comedi instruction codes[EOL]that write to the subdevice, the first `insn->n` data elements are[EOL]copied from user-space, but the remaining elements are left[EOL]uninitialized. That could be a problem if the subdevice instruction[EOL]handler reads the uninitialized data. Ensure that the first[EOL]`MIN_SAMPLES` elements are initialized before calling these instruction[EOL]handlers, filling the uncopied elements with 0. For[EOL]`do_insnlist_ioctl()`, the same data buffer elements are used for[EOL]handling a list of instructions, so ensure the first `MIN_SAMPLES`[EOL]elements are initialized for each instruction that writes to the[EOL]subdevice.
CREATE(Triage):(User=admin) [CVE-2025-38478 (https://nvd.nist.gov/vuln/detail/CVE-2025-38478)
