CVE-2025-68257

MEDIUM
中文标题:
(暂无数据)
英文标题:
comedi: check device's attached status in compat ioctls
CVSS分数: -1.0
发布时间: 2025-12-16 14:44:59
漏洞类型: (暂无数据)
状态: PUBLISHED
数据质量分数: 0.40
数据版本: v4
漏洞描述
中文描述:

(暂无数据)

英文描述:

In the Linux kernel, the following vulnerability has been resolved: comedi: check device's attached status in compat ioctls Syzbot identified an issue [1] that crashes kernel, seemingly due to unexistent callback dev->get_valid_routes(). By all means, this should not occur as said callback must always be set to get_zero_valid_routes() in __comedi_device_postconfig(). As the crash seems to appear exclusively in i386 kernels, at least, judging from [1] reports, the blame lies with compat versions of standard IOCTL handlers. Several of them are modified and do not use comedi_unlocked_ioctl(). While functionality of these ioctls essentially copy their original versions, they do not have required sanity check for device's attached status. This, in turn, leads to a possibility of calling select IOCTLs on a device that has not been properly setup, even via COMEDI_DEVCONFIG. Doing so on unconfigured devices means that several crucial steps are missed, for instance, specifying dev->get_valid_routes() callback. Fix this somewhat crudely by ensuring device's attached status before performing any ioctls, improving logic consistency between modern and compat functions. [1] Syzbot report: BUG: kernel NULL pointer dereference, address: 0000000000000000 ... CR2: ffffffffffffffd6 CR3: 000000006c717000 CR4: 0000000000352ef0 Call Trace: <TASK> get_valid_routes drivers/comedi/comedi_fops.c:1322 [inline] parse_insn+0x78c/0x1970 drivers/comedi/comedi_fops.c:1401 do_insnlist_ioctl+0x272/0x700 drivers/comedi/comedi_fops.c:1594 compat_insnlist drivers/comedi/comedi_fops.c:3208 [inline] comedi_compat_ioctl+0x810/0x990 drivers/comedi/comedi_fops.c:3273 __do_compat_sys_ioctl fs/ioctl.c:695 [inline] __se_compat_sys_ioctl fs/ioctl.c:638 [inline] __ia32_compat_sys_ioctl+0x242/0x370 fs/ioctl.c:638 do_syscall_32_irqs_on arch/x86/entry/syscall_32.c:83 [inline] ...

CWE类型:
(暂无数据)
标签:
(暂无数据)
受影响产品
厂商 产品 版本 版本范围 平台 CPE
Linux Linux - < f6e629dfe6f590091c662a87c9fcf118b1c1c7dc - cpe:2.3:a:linux:linux:*:*:*:*:*:*:*:*
Linux Linux 5.8 - - cpe:2.3:a:linux:linux:5.8:*:*:*:*:*:*:*
解决方案
中文解决方案:
(暂无数据)
英文解决方案:
(暂无数据)
临时解决方案:
(暂无数据)
参考链接
无标题 OTHER
cve.org
访问
无标题 OTHER
cve.org
访问
无标题 OTHER
cve.org
访问
无标题 OTHER
cve.org
访问
416baaa9-dc9f-4396-8d5f-8c081fb06d67 OTHER
nvd.nist.gov
访问
416baaa9-dc9f-4396-8d5f-8c081fb06d67 OTHER
nvd.nist.gov
访问
416baaa9-dc9f-4396-8d5f-8c081fb06d67 OTHER
nvd.nist.gov
访问
416baaa9-dc9f-4396-8d5f-8c081fb06d67 OTHER
nvd.nist.gov
访问
CVSS评分详情
-1.0
LOW
CVSS向量: NOT_EXTRACTED
CVSS版本: NOT_EXTRACTED
机密性
N/A
完整性
N/A
可用性
N/A
时间信息
发布时间:
2025-12-16 14:44:59
修改时间:
2025-12-16 14:44:59
创建时间:
2026-01-12 02:12:29
更新时间:
2026-01-20 03:10:37
利用信息
暂无可利用代码信息
数据源详情
数据源 记录ID 版本 提取时间
CVE cve_CVE-2025-68257 2025-12-19 03:24:49 2026-01-12 02:12:29
NVD nvd_CVE-2025-68257 2025-12-19 03:25:39 2026-01-12 02:28:13
版本与语言
当前版本: v4
主要语言: EN
支持语言:
EN
安全公告
暂无安全公告信息
变更历史
v4 NVD
2026-01-20 03:10:37
references_count: 6 → 8
查看详细变更
  • references_count: 6 -> 8
v3 NVD
2026-01-12 03:36:52
references_count: 4 → 6
查看详细变更
  • references_count: 4 -> 6
v2 NVD
2026-01-12 02:28:13
affected_products_count: 5 → 2; data_sources: ['cve'] → ['cve', 'nvd']
查看详细变更
  • affected_products_count: 5 -> 2
  • data_sources: ['cve'] -> ['cve', 'nvd']