CVE-2026-31751 (GCVE-0-2026-31751)
Vulnerability from cvelistv5
Published
2026-05-01 14:14
Modified
2026-05-02 06:14
Severity ?
Summary
In the Linux kernel, the following vulnerability has been resolved: comedi: dt2815: add hardware detection to prevent crash The dt2815 driver crashes when attached to I/O ports without actual hardware present. This occurs because syzkaller or users can attach the driver to arbitrary I/O addresses via COMEDI_DEVCONFIG ioctl. When no hardware exists at the specified port, inb() operations return 0xff (floating bus), but outb() operations can trigger page faults due to undefined behavior, especially under race conditions: BUG: unable to handle page fault for address: 000000007fffff90 #PF: supervisor write access in kernel mode #PF: error_code(0x0002) - not-present page RIP: 0010:dt2815_attach+0x6e0/0x1110 Add hardware detection by reading the status register before attempting any write operations. If the read returns 0xff, assume no hardware is present and fail the attach with -ENODEV. This prevents crashes from outb() operations on non-existent hardware.
References
Impacted products
Vendor Product Version
Linux Linux Version: d6a929b7608ae157cef86d00cc580d1038f0b985
Version: d6a929b7608ae157cef86d00cc580d1038f0b985
Version: d6a929b7608ae157cef86d00cc580d1038f0b985
Version: d6a929b7608ae157cef86d00cc580d1038f0b985
Version: d6a929b7608ae157cef86d00cc580d1038f0b985
Version: d6a929b7608ae157cef86d00cc580d1038f0b985
Version: d6a929b7608ae157cef86d00cc580d1038f0b985
Version: d6a929b7608ae157cef86d00cc580d1038f0b985
 Create a notification for this product.
Show details on NVD website

To clipboard 

{
  "containers": {
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "drivers/comedi/drivers/dt2815.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "8d63161837f1bf8810dbcd2a583c2bbf5ca6d733",
              "status": "affected",
              "version": "d6a929b7608ae157cef86d00cc580d1038f0b985",
              "versionType": "git"
            },
            {
              "lessThan": "d2a786efdb9971f2a647724625da5bbecc994dc9",
              "status": "affected",
              "version": "d6a929b7608ae157cef86d00cc580d1038f0b985",
              "versionType": "git"
            },
            {
              "lessThan": "0dcf33994b8dcf3db36530fb7e2cf9f89e5cbac3",
              "status": "affected",
              "version": "d6a929b7608ae157cef86d00cc580d1038f0b985",
              "versionType": "git"
            },
            {
              "lessThan": "d5d9df8b08d68d083ac57abc2c887dfb1f31af63",
              "status": "affected",
              "version": "d6a929b7608ae157cef86d00cc580d1038f0b985",
              "versionType": "git"
            },
            {
              "lessThan": "65c528fbeddd88478c210052f6c7b21be4973156",
              "status": "affected",
              "version": "d6a929b7608ae157cef86d00cc580d1038f0b985",
              "versionType": "git"
            },
            {
              "lessThan": "34c8b3a91bdfbe4573650b4cd750ef639101fdc5",
              "status": "affected",
              "version": "d6a929b7608ae157cef86d00cc580d1038f0b985",
              "versionType": "git"
            },
            {
              "lessThan": "34b13250c618d7441508c6ef369144aa8a9b9bfa",
              "status": "affected",
              "version": "d6a929b7608ae157cef86d00cc580d1038f0b985",
              "versionType": "git"
            },
            {
              "lessThan": "93853512f565e625df2397f0d8050d6aafd7c3ad",
              "status": "affected",
              "version": "d6a929b7608ae157cef86d00cc580d1038f0b985",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "drivers/comedi/drivers/dt2815.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "2.6.30"
            },
            {
              "lessThan": "2.6.30",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.253",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.203",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.168",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.134",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.12.*",
              "status": "unaffected",
              "version": "6.12.81",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.18.*",
              "status": "unaffected",
              "version": "6.18.22",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.19.*",
              "status": "unaffected",
              "version": "6.19.12",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "7.0",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.253",
                  "versionStartIncluding": "2.6.30",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.203",
                  "versionStartIncluding": "2.6.30",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.168",
                  "versionStartIncluding": "2.6.30",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.134",
                  "versionStartIncluding": "2.6.30",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.12.81",
                  "versionStartIncluding": "2.6.30",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.18.22",
                  "versionStartIncluding": "2.6.30",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.19.12",
                  "versionStartIncluding": "2.6.30",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "7.0",
                  "versionStartIncluding": "2.6.30",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ncomedi: dt2815: add hardware detection to prevent crash\n\nThe dt2815 driver crashes when attached to I/O ports without actual\nhardware present. This occurs because syzkaller or users can attach\nthe driver to arbitrary I/O addresses via COMEDI_DEVCONFIG ioctl.\n\nWhen no hardware exists at the specified port, inb() operations return\n0xff (floating bus), but outb() operations can trigger page faults due\nto undefined behavior, especially under race conditions:\n\n  BUG: unable to handle page fault for address: 000000007fffff90\n  #PF: supervisor write access in kernel mode\n  #PF: error_code(0x0002) - not-present page\n  RIP: 0010:dt2815_attach+0x6e0/0x1110\n\nAdd hardware detection by reading the status register before attempting\nany write operations. If the read returns 0xff, assume no hardware is\npresent and fail the attach with -ENODEV. This prevents crashes from\noutb() operations on non-existent hardware."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-05-02T06:14:23.627Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/8d63161837f1bf8810dbcd2a583c2bbf5ca6d733"
        },
        {
          "url": "https://git.kernel.org/stable/c/d2a786efdb9971f2a647724625da5bbecc994dc9"
        },
        {
          "url": "https://git.kernel.org/stable/c/0dcf33994b8dcf3db36530fb7e2cf9f89e5cbac3"
        },
        {
          "url": "https://git.kernel.org/stable/c/d5d9df8b08d68d083ac57abc2c887dfb1f31af63"
        },
        {
          "url": "https://git.kernel.org/stable/c/65c528fbeddd88478c210052f6c7b21be4973156"
        },
        {
          "url": "https://git.kernel.org/stable/c/34c8b3a91bdfbe4573650b4cd750ef639101fdc5"
        },
        {
          "url": "https://git.kernel.org/stable/c/34b13250c618d7441508c6ef369144aa8a9b9bfa"
        },
        {
          "url": "https://git.kernel.org/stable/c/93853512f565e625df2397f0d8050d6aafd7c3ad"
        }
      ],
      "title": "comedi: dt2815: add hardware detection to prevent crash",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2026-31751",
    "datePublished": "2026-05-01T14:14:43.551Z",
    "dateReserved": "2026-03-09T15:48:24.139Z",
    "dateUpdated": "2026-05-02T06:14:23.627Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.