CVE-2026-31750

Published: May 1, 2026

Modified: May 11, 2026

PUBLISHED

Description

In the Linux kernel, the following vulnerability has been resolved: comedi: runflags cannot determine whether to reclaim chanlist syzbot reported a memory leak [1], because commit 4e1da516debb ("comedi: Add reference counting for Comedi command handling") did not consider the exceptional exit case in do_cmd_ioctl() where runflags is not set. This caused chanlist not to be properly freed by do_become_nonbusy(), as it only frees chanlist when runflags is correctly set. Added a check in do_become_nonbusy() for the case where runflags is not set, to properly free the chanlist memory. [1] BUG: memory leak backtrace (crc 844a0efa): __comedi_get_user_chanlist drivers/comedi/comedi_fops.c:1815 [inline] do_cmd_ioctl.part.0+0x112/0x350 drivers/comedi/comedi_fops.c:1890 do_cmd_ioctl drivers/comedi/comedi_fops.c:1858 [inline]

Vendor	Product	Versions
Linux	Linux	affected `4e1da516debbe6a573ffa0392e2809d180d0575c - < 830c848aba9f047eb6b34288975ebeb8e8621451` affected `4e1da516debbe6a573ffa0392e2809d180d0575c - < 29f644f14b89e6c4965e3c89251929e451190a66`
Linux	Linux	affected `6.19` unaffected `0 - < 6.19` unaffected `6.19.12 - <= 6.19.` unaffected `7.0 - <= `

References

https://git.kernel.org/stable/c/830c848aba9f047eb6b34288975ebeb8e8621451

https://git.kernel.org/stable/c/29f644f14b89e6c4965e3c89251929e451190a66

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2026-31750

Description

Affected Products

References