Skip to main content

Linux Kernel CVE-2026-31751

| EUVDEUVD-2026-26564 MEDIUM
Race Condition (CWE-362)
2026-05-01 Linux
4.7
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
4.7 MEDIUM
AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
SUSE
MEDIUM
qualitative

Primary rating from NVD.

CVSS VectorNVD

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
Attack Vector
Local
Attack Complexity
High
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
High

Lifecycle Timeline

7
Analysis Generated
May 07, 2026 - 21:46 vuln.today
CVSS changed
May 07, 2026 - 19:22 NVD
4.7 (MEDIUM)
Patch available
May 01, 2026 - 16:02 EUVD
Patch released
May 01, 2026 - 15:24 nvd
Patch available
EUVD ID Assigned
May 01, 2026 - 15:00 euvd
EUVD-2026-26564
CVE Published
May 01, 2026 - 14:14 nvd
MEDIUM 4.7
CVE Published
May 01, 2026 - 14:14 nvd
N/A

DescriptionCVE.org

In the Linux kernel, the following vulnerability has been resolved:

comedi: dt2815: add hardware detection to prevent crash

The dt2815 driver crashes when attached to I/O ports without actual hardware present. This occurs because syzkaller or users can attach the driver to arbitrary I/O addresses via COMEDI_DEVCONFIG ioctl.

When no hardware exists at the specified port, inb() operations return 0xff (floating bus), but outb() operations can trigger page faults due to undefined behavior, especially under race conditions:

BUG: unable to handle page fault for address: 000000007fffff90 #PF: supervisor write access in kernel mode #PF: error_code(0x0002) - not-present page RIP: 0010:dt2815_attach+0x6e0/0x1110

Add hardware detection by reading the status register before attempting any write operations. If the read returns 0xff, assume no hardware is present and fail the attach with -ENODEV. This prevents crashes from outb() operations on non-existent hardware.

AnalysisAI

Denial of service in the Linux kernel comedi dt2815 driver allows local authenticated users to crash the system by attaching the driver to arbitrary I/O addresses without actual hardware present via the COMEDI_DEVCONFIG ioctl. The vulnerability occurs when outb() operations are performed on non-existent hardware, triggering page faults under race conditions. A patch adding hardware detection via status register reads prevents the crash.

Technical ContextAI

The dt2815 driver is a COMEDI (Control and Measurement Device Interface) driver for hardware data acquisition boards. The vulnerability exists in the driver's attach routine, which attempts direct I/O port operations (inb/outb) without first verifying hardware presence. When the driver is attached to invalid I/O addresses, inb() returns 0xff (floating bus default), but subsequent outb() calls can trigger page faults due to accessing unmapped memory regions. The root cause is a race condition (CWE-362) where hardware detection is missing before performing write operations. The fix implements pre-write hardware detection by reading the status register; if it returns 0xff, the attach operation fails with -ENODEV, preventing the page fault.

RemediationAI

Apply the vendor-released patch immediately via kernel update to fixed versions: Linux 5.10.253, 5.15.203, 6.1.168, 6.6.134, 6.12.81, 6.18.22, 6.19.12, or 7.0 or later. The fix can be obtained directly from the Linux kernel stable repository using the commit hashes provided (8d63161837f1bf8810dbcd2a583c2bbf5ca6d733 and related commits across stable branches). For systems unable to update immediately, restrict access to the COMEDI device interface by disabling unprivileged ioctl access via filesystem permissions or seccomp rules to prevent users from loading arbitrary drivers to non-existent hardware addresses. Note that kernel updates typically require system reboot, while access restrictions take effect immediately but may impact legitimate comedi-based instrumentation software. Verify hardware presence before attaching the dt2815 driver in userspace tools to avoid triggering this condition.

Vendor StatusVendor

SUSE

Severity: Medium
Product Status
SUSE Linux Enterprise Desktop 15 SP7 Fixed
SUSE Linux Enterprise Desktop 15 SP7 Fixed
SUSE Linux Enterprise High Availability Extension 15 SP7 Fixed
SUSE Linux Enterprise High Availability Extension 15 SP7 Fixed
SUSE Linux Enterprise High Performance Computing 15 SP7 Fixed

Share

CVE-2026-31751 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy