CVE-2026-31750

In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> comedi: runflags cannot determine whether to reclaim chanlist<br /> <br /> syzbot reported a memory leak [1], because commit 4e1da516debb ("comedi:<br /> Add reference counting for Comedi command handling") did not consider<br /> the exceptional exit case in do_cmd_ioctl() where runflags is not set.<br /> This caused chanlist not to be properly freed by do_become_nonbusy(),<br /> as it only frees chanlist when runflags is correctly set.<br /> <br /> Added a check in do_become_nonbusy() for the case where runflags is not<br /> set, to properly free the chanlist memory.<br /> <br /> [1]<br /> BUG: memory leak<br /> backtrace (crc 844a0efa):<br /> __comedi_get_user_chanlist drivers/comedi/comedi_fops.c:1815 [inline]<br /> do_cmd_ioctl.part.0+0x112/0x350 drivers/comedi/comedi_fops.c:1890<br /> do_cmd_ioctl drivers/comedi/comedi_fops.c:1858 [inline]