comedi

The Linux kernel vulnerability tracked as CVE-2025-38481 — a bug in the comedi subsystem that causes the COMEDI_INSNLIST ioctl to allocate an unreasonably large kernel buffer when given a maliciously large n_insns value — has been fixed upstream by adding a limit (MAX_INSNS) and by refusing...

The Linux kernel vulnerability tracked as CVE-2025-38480 has been published: a subtle correctness bug in the COMEDI subsystem where the helper function insn_rw_emulate_bits could read uninitialized data when presented with an instruction that specifies zero samples. Upstream kernel maintainers...

The Linux kernel CVE-2025-38483 disclosure fixes a small but meaningful defensive-programming error in the COMEDI das16m1 driver that could lead to an out‑of‑bounds left-shift when a user-supplied IRQ number is used without sanity checks. The upstream patch enforces explicit bounds on the...

Microsoft’s terse advisory that “Azure Linux includes this open‑source library and is therefore potentially affected” is accurate but incomplete as an operational statement — it is a product‑level attestation, not proof that every other Microsoft product is free of the same vulnerable component...

A newly assigned CVE, CVE-2025-68257, closes a subtle but dangerous gap in the Linux kernel’s COMEDI driver by ensuring compat ioctl handlers verify whether a device is actually attached before performing operations — a change that eliminates a reproducible NULL-pointer kernel crash reported by...