Description
In the Linux kernel, the following vulnerability has been resolved:

comedi: dt2815: add hardware detection to prevent crash

The dt2815 driver crashes when attached to I/O ports without actual
hardware present. This occurs because syzkaller or users can attach
the driver to arbitrary I/O addresses via COMEDI_DEVCONFIG ioctl.

When no hardware exists at the specified port, inb() operations return
0xff (floating bus), but outb() operations can trigger page faults due
to undefined behavior, especially under race conditions:

BUG: unable to handle page fault for address: 000000007fffff90
#PF: supervisor write access in kernel mode
#PF: error_code(0x0002) - not-present page
RIP: 0010:dt2815_attach+0x6e0/0x1110

Add hardware detection by reading the status register before attempting
any write operations. If the read returns 0xff, assume no hardware is
present and fail the attach with -ENODEV. This prevents crashes from
outb() operations on non-existent hardware.
Published: 2026-05-01
Score: 4.7 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The dt2815 driver in the Linux kernel accepts arbitrary I/O port addresses through the COMEDI_DEVCONFIG ioctl. When it attempts to write to an address with no hardware, the outb() operation can trigger a page fault, causing a kernel panic. This defect leads to a denial of service by crashing the kernel. Based on the description, the likely attack vector is a local privileged user or a system that can invoke the ioctl; remote exploitation would require privilege escalation. A denial of service results because the kernel stops responding and typically requires a reboot.

Affected Systems

Affected systems are any Linux kernel releases that include the dt2815 Comedi driver before the hardware detection fix was merged. The CPE indicates all variants of the Linux kernel, and no specific patch levels are provided, so any kernel containing the vulnerable code is at risk. If your environment uses a stock kernel or distribution kernel that shipped before the patch, the dt2815 module remains susceptible.

Risk and Exploitability

The CVSS score of 4.7 indicates moderate severity. The EPSS score of <1% indicates a low probability of exploitation in typical environments. The vulnerability is not listed in CISA KEV. An attacker with local privileged access or a process that can invoke the COMEDI_DEVCONFIG ioctl can trigger the flaw, causing a kernel panic that results in a denial of service.

Generated by OpenCVE AI on May 7, 2026 at 20:41 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade the kernel to a version that includes the dt2815 hardware detection fix.
  • Reboot the system to activate the patched kernel and unload any stale modules.
  • If the dt2815 driver is not required, disable or remove it from the system to eliminate the attack surface.
  • If updating is not immediately possible, restrict the COMEDI_DEVCONFIG ioctl to privileged users and ensure the driver is only attached to known valid hardware addresses.

Generated by OpenCVE AI on May 7, 2026 at 20:41 UTC.

Tracking

Sign in to view the affected projects.

Advisories
Source ID Title
Debian DLA Debian DLA DLA-4561-1 linux-6.1 security update
Debian DLA Debian DLA DLA-4606-1 linux security update
Debian DSA Debian DSA DSA-6243-1 linux security update
History

Thu, 07 May 2026 19:15:00 +0000

Type Values Removed Values Added
Weaknesses CWE-362
CPEs cpe:2.3:o:linux:linux_kernel:7.0:rc1:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:7.0:rc2:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:7.0:rc3:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:7.0:rc4:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:7.0:rc5:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:7.0:rc6:*:*:*:*:*:*
Metrics cvssV3_1

{'score': 4.7, 'vector': 'CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H'}

Sat, 02 May 2026 10:45:00 +0000

Type Values Removed Values Added
Weaknesses CWE-20

Sat, 02 May 2026 00:15:00 +0000

Type Values Removed Values Added
Weaknesses CWE-166
References

Fri, 01 May 2026 23:45:00 +0000

Type Values Removed Values Added
Weaknesses CWE-20

Fri, 01 May 2026 14:45:00 +0000

Type Values Removed Values Added
Description In the Linux kernel, the following vulnerability has been resolved: comedi: dt2815: add hardware detection to prevent crash The dt2815 driver crashes when attached to I/O ports without actual hardware present. This occurs because syzkaller or users can attach the driver to arbitrary I/O addresses via COMEDI_DEVCONFIG ioctl. When no hardware exists at the specified port, inb() operations return 0xff (floating bus), but outb() operations can trigger page faults due to undefined behavior, especially under race conditions: BUG: unable to handle page fault for address: 000000007fffff90 #PF: supervisor write access in kernel mode #PF: error_code(0x0002) - not-present page RIP: 0010:dt2815_attach+0x6e0/0x1110 Add hardware detection by reading the status register before attempting any write operations. If the read returns 0xff, assume no hardware is present and fail the attach with -ENODEV. This prevents crashes from outb() operations on non-existent hardware.
Title comedi: dt2815: add hardware detection to prevent crash
First Time appeared Linux
Linux linux Kernel
CPEs cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Vendors & Products Linux
Linux linux Kernel
References

Subscriptions

Linux Linux Kernel
cve-icon MITRE

Status: PUBLISHED

Assigner: Linux

Published:

Updated: 2026-05-11T22:15:06.157Z

Reserved: 2026-03-09T15:48:24.139Z

Link: CVE-2026-31751

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Analyzed

Published: 2026-05-01T15:16:37.960

Modified: 2026-05-07T19:11:00.483

Link: CVE-2026-31751

cve-icon Redhat

Severity :

Publid Date: 2026-05-01T00:00:00Z

Links: CVE-2026-31751 - Bugzilla

cve-icon OpenCVE Enrichment

Updated: 2026-05-07T20:45:22Z

Weaknesses