CVE-2026-31751
Severity CVSS v4.0:
Pending analysis
Type:
CWE-362
Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
Publication date:
01/05/2026
Last modified:
07/05/2026
Description
In the Linux kernel, the following vulnerability has been resolved:<br />
<br />
comedi: dt2815: add hardware detection to prevent crash<br />
<br />
The dt2815 driver crashes when attached to I/O ports without actual<br />
hardware present. This occurs because syzkaller or users can attach<br />
the driver to arbitrary I/O addresses via COMEDI_DEVCONFIG ioctl.<br />
<br />
When no hardware exists at the specified port, inb() operations return<br />
0xff (floating bus), but outb() operations can trigger page faults due<br />
to undefined behavior, especially under race conditions:<br />
<br />
BUG: unable to handle page fault for address: 000000007fffff90<br />
#PF: supervisor write access in kernel mode<br />
#PF: error_code(0x0002) - not-present page<br />
RIP: 0010:dt2815_attach+0x6e0/0x1110<br />
<br />
Add hardware detection by reading the status register before attempting<br />
any write operations. If the read returns 0xff, assume no hardware is<br />
present and fail the attach with -ENODEV. This prevents crashes from<br />
outb() operations on non-existent hardware.
Impact
Base Score 3.x
4.70
Severity 3.x
MEDIUM
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 2.6.30 (including) | 5.10.253 (excluding) |
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 5.11 (including) | 5.15.203 (excluding) |
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 5.16 (including) | 6.1.168 (excluding) |
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 6.2 (including) | 6.6.134 (excluding) |
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 6.7 (including) | 6.12.81 (excluding) |
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 6.13 (including) | 6.18.22 (excluding) |
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 6.19 (including) | 6.19.12 (excluding) |
| cpe:2.3:o:linux:linux_kernel:7.0:rc1:*:*:*:*:*:* | ||
| cpe:2.3:o:linux:linux_kernel:7.0:rc2:*:*:*:*:*:* | ||
| cpe:2.3:o:linux:linux_kernel:7.0:rc3:*:*:*:*:*:* | ||
| cpe:2.3:o:linux:linux_kernel:7.0:rc4:*:*:*:*:*:* | ||
| cpe:2.3:o:linux:linux_kernel:7.0:rc5:*:*:*:*:*:* | ||
| cpe:2.3:o:linux:linux_kernel:7.0:rc6:*:*:*:*:*:* |
To consult the complete list of CPE names with products and versions, see this page
References to Advisories, Solutions, and Tools
- https://git.kernel.org/stable/c/0dcf33994b8dcf3db36530fb7e2cf9f89e5cbac3
- https://git.kernel.org/stable/c/34b13250c618d7441508c6ef369144aa8a9b9bfa
- https://git.kernel.org/stable/c/34c8b3a91bdfbe4573650b4cd750ef639101fdc5
- https://git.kernel.org/stable/c/65c528fbeddd88478c210052f6c7b21be4973156
- https://git.kernel.org/stable/c/8d63161837f1bf8810dbcd2a583c2bbf5ca6d733
- https://git.kernel.org/stable/c/93853512f565e625df2397f0d8050d6aafd7c3ad
- https://git.kernel.org/stable/c/d2a786efdb9971f2a647724625da5bbecc994dc9
- https://git.kernel.org/stable/c/d5d9df8b08d68d083ac57abc2c887dfb1f31af63