vulnerability
Ubuntu: (Multiple Advisories) (CVE-2025-39684): Linux kernel vulnerabilities
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 5 | (AV:L/AC:L/Au:S/C:N/I:N/A:C) | Sep 5, 2025 | Dec 5, 2025 | Mar 18, 2026 |
Severity
5
CVSS
(AV:L/AC:L/Au:S/C:N/I:N/A:C)
Published
Sep 5, 2025
Added
Dec 5, 2025
Modified
Mar 18, 2026
Description
In the Linux kernel, the following vulnerability has been resolved:
comedi: Fix use of uninitialized memory in do_insn_ioctl() and do_insnlist_ioctl()
syzbot reports a KMSAN kernel-infoleak in `do_insn_ioctl()`. A kernel
buffer is allocated to hold `insn->n` samples (each of which is an
`unsigned int`). For some instruction types, `insn->n` samples are
copied back to user-space, unless an error code is being returned. The
problem is that not all the instruction handlers that need to return
data to userspace fill in the whole `insn->n` samples, so that there is
an information leak. There is a similar syzbot report for
`do_insnlist_ioctl()`, although it does not have a reproducer for it at
the time of writing.
One culprit is `insn_rw_emulate_bits()` which is used as the handler for
`INSN_READ` or `INSN_WRITE` instructions for subdevices that do not have
a specific handler for that instruction, but do have an `INSN_BITS`
handler. For `INSN_READ` it only fills in at most 1 sample, so if
`insn->n` is greater than 1, the remaining `insn->n - 1` samples copied
to userspace will be uninitialized kernel data.
Another culprit is `vm80xx_ai_insn_read()` in the "vm80xx" driver. It
never returns an error, even if it fails to fill the buffer.
Fix it in `do_insn_ioctl()` and `do_insnlist_ioctl()` by making sure
that uninitialized parts of the allocated buffer are zeroed before
handling each instruction.
Thanks to Arnaud Lecomte for their fix to `do_insn_ioctl()`. That fix
replaced the call to `kmalloc_array()` with `kcalloc()`, but it is not
always necessary to clear the whole buffer.
Solutions
ubuntu-upgrade-linux-image-5-15-0-1038-nvidia-tegra-igxubuntu-upgrade-linux-image-5-15-0-1038-nvidia-tegra-igx-rtubuntu-upgrade-linux-image-5-15-0-1049-nvidia-tegraubuntu-upgrade-linux-image-5-15-0-1049-nvidia-tegra-rtubuntu-upgrade-linux-image-5-15-0-1061-xilinx-zynqmpubuntu-upgrade-linux-image-5-15-0-1080-gkeopubuntu-upgrade-linux-image-5-15-0-1089-intel-iot-realtimeubuntu-upgrade-linux-image-5-15-0-1089-kvmubuntu-upgrade-linux-image-5-15-0-1091-ibmubuntu-upgrade-linux-image-5-15-0-1091-raspiubuntu-upgrade-linux-image-5-15-0-1092-intel-iotgubuntu-upgrade-linux-image-5-15-0-1092-nvidiaubuntu-upgrade-linux-image-5-15-0-1092-nvidia-lowlatencyubuntu-upgrade-linux-image-5-15-0-1093-gkeubuntu-upgrade-linux-image-5-15-0-1094-oracleubuntu-upgrade-linux-image-5-15-0-1096-realtimeubuntu-upgrade-linux-image-5-15-0-1097-awsubuntu-upgrade-linux-image-5-15-0-1097-aws-64kubuntu-upgrade-linux-image-5-15-0-1097-aws-fipsubuntu-upgrade-linux-image-5-15-0-1097-gcpubuntu-upgrade-linux-image-5-15-0-1097-gcp-fipsubuntu-upgrade-linux-image-5-15-0-1101-azureubuntu-upgrade-linux-image-5-15-0-1101-azure-fipsubuntu-upgrade-linux-image-5-15-0-1102-azureubuntu-upgrade-linux-image-5-15-0-163-fipsubuntu-upgrade-linux-image-5-15-0-163-genericubuntu-upgrade-linux-image-5-15-0-163-generic-64kubuntu-upgrade-linux-image-5-15-0-163-generic-lpaeubuntu-upgrade-linux-image-5-15-0-163-lowlatencyubuntu-upgrade-linux-image-5-15-0-163-lowlatency-64kubuntu-upgrade-linux-image-6-8-0-100-fipsubuntu-upgrade-linux-image-6-8-0-100-genericubuntu-upgrade-linux-image-6-8-0-100-generic-64kubuntu-upgrade-linux-image-6-8-0-100-lowlatencyubuntu-upgrade-linux-image-6-8-0-100-lowlatency-64kubuntu-upgrade-linux-image-6-8-0-1023-xilinxubuntu-upgrade-linux-image-6-8-0-1030-gkeopubuntu-upgrade-linux-image-6-8-0-1043-gkeubuntu-upgrade-linux-image-6-8-0-1043-gke-64kubuntu-upgrade-linux-image-6-8-0-1043-oracleubuntu-upgrade-linux-image-6-8-0-1043-oracle-64kubuntu-upgrade-linux-image-6-8-0-1044-ibmubuntu-upgrade-linux-image-6-8-0-1046-awsubuntu-upgrade-linux-image-6-8-0-1046-aws-64kubuntu-upgrade-linux-image-6-8-0-1046-aws-fipsubuntu-upgrade-linux-image-6-8-0-1046-azureubuntu-upgrade-linux-image-6-8-0-1046-azure-fipsubuntu-upgrade-linux-image-6-8-0-1046-nvidiaubuntu-upgrade-linux-image-6-8-0-1046-nvidia-64kubuntu-upgrade-linux-image-6-8-0-1046-nvidia-lowlatencyubuntu-upgrade-linux-image-6-8-0-1046-nvidia-lowlatency-64kubuntu-upgrade-linux-image-6-8-0-1047-gcpubuntu-upgrade-linux-image-6-8-0-1047-gcp-64kubuntu-upgrade-linux-image-6-8-0-1047-gcp-fipsubuntu-upgrade-linux-image-6-8-0-1047-raspiubuntu-upgrade-linux-image-6-8-0-2037-raspi-realtimeubuntu-upgrade-linux-image-6-8-1-1041-realtimeubuntu-upgrade-linux-image-awsubuntu-upgrade-linux-image-aws-5-15ubuntu-upgrade-linux-image-aws-6-8ubuntu-upgrade-linux-image-aws-64kubuntu-upgrade-linux-image-aws-64k-5-15ubuntu-upgrade-linux-image-aws-64k-6-8ubuntu-upgrade-linux-image-aws-64k-lts-22-04ubuntu-upgrade-linux-image-aws-64k-lts-24-04ubuntu-upgrade-linux-image-aws-fipsubuntu-upgrade-linux-image-aws-fips-5-15ubuntu-upgrade-linux-image-aws-fips-6-8ubuntu-upgrade-linux-image-aws-lts-22-04ubuntu-upgrade-linux-image-aws-lts-24-04ubuntu-upgrade-linux-image-azureubuntu-upgrade-linux-image-azure-5-15ubuntu-upgrade-linux-image-azure-6-8ubuntu-upgrade-linux-image-azure-cvmubuntu-upgrade-linux-image-azure-fipsubuntu-upgrade-linux-image-azure-fips-5-15ubuntu-upgrade-linux-image-azure-fips-6-8ubuntu-upgrade-linux-image-azure-lts-22-04ubuntu-upgrade-linux-image-azure-lts-24-04ubuntu-upgrade-linux-image-fipsubuntu-upgrade-linux-image-fips-5-15ubuntu-upgrade-linux-image-fips-6-8ubuntu-upgrade-linux-image-gcpubuntu-upgrade-linux-image-gcp-5-15ubuntu-upgrade-linux-image-gcp-6-8ubuntu-upgrade-linux-image-gcp-64kubuntu-upgrade-linux-image-gcp-64k-6-8ubuntu-upgrade-linux-image-gcp-64k-lts-24-04ubuntu-upgrade-linux-image-gcp-fipsubuntu-upgrade-linux-image-gcp-fips-5-15ubuntu-upgrade-linux-image-gcp-fips-6-8ubuntu-upgrade-linux-image-gcp-lts-22-04ubuntu-upgrade-linux-image-gcp-lts-24-04ubuntu-upgrade-linux-image-genericubuntu-upgrade-linux-image-generic-5-15ubuntu-upgrade-linux-image-generic-6-8ubuntu-upgrade-linux-image-generic-64kubuntu-upgrade-linux-image-generic-64k-5-15ubuntu-upgrade-linux-image-generic-64k-6-8ubuntu-upgrade-linux-image-generic-64k-hwe-20-04ubuntu-upgrade-linux-image-generic-64k-hwe-22-04ubuntu-upgrade-linux-image-generic-hwe-20-04ubuntu-upgrade-linux-image-generic-hwe-22-04ubuntu-upgrade-linux-image-generic-lpaeubuntu-upgrade-linux-image-generic-lpae-5-15ubuntu-upgrade-linux-image-generic-lpae-hwe-20-04ubuntu-upgrade-linux-image-gkeubuntu-upgrade-linux-image-gke-5-15ubuntu-upgrade-linux-image-gke-6-8ubuntu-upgrade-linux-image-gke-64kubuntu-upgrade-linux-image-gke-64k-6-8ubuntu-upgrade-linux-image-gkeopubuntu-upgrade-linux-image-gkeop-5-15ubuntu-upgrade-linux-image-gkeop-6-8ubuntu-upgrade-linux-image-ibmubuntu-upgrade-linux-image-ibm-5-15ubuntu-upgrade-linux-image-ibm-6-8ubuntu-upgrade-linux-image-ibm-classicubuntu-upgrade-linux-image-ibm-lts-24-04ubuntu-upgrade-linux-image-intelubuntu-upgrade-linux-image-intel-iot-realtimeubuntu-upgrade-linux-image-intel-iot-realtime-5-15ubuntu-upgrade-linux-image-intel-iotgubuntu-upgrade-linux-image-intel-iotg-5-15ubuntu-upgrade-linux-image-kvmubuntu-upgrade-linux-image-kvm-5-15ubuntu-upgrade-linux-image-lowlatencyubuntu-upgrade-linux-image-lowlatency-5-15ubuntu-upgrade-linux-image-lowlatency-6-8ubuntu-upgrade-linux-image-lowlatency-64kubuntu-upgrade-linux-image-lowlatency-64k-5-15ubuntu-upgrade-linux-image-lowlatency-64k-6-8ubuntu-upgrade-linux-image-lowlatency-64k-hwe-20-04ubuntu-upgrade-linux-image-lowlatency-64k-hwe-22-04ubuntu-upgrade-linux-image-lowlatency-hwe-20-04ubuntu-upgrade-linux-image-lowlatency-hwe-22-04ubuntu-upgrade-linux-image-nvidiaubuntu-upgrade-linux-image-nvidia-5-15ubuntu-upgrade-linux-image-nvidia-6-8ubuntu-upgrade-linux-image-nvidia-64kubuntu-upgrade-linux-image-nvidia-64k-6-8ubuntu-upgrade-linux-image-nvidia-64k-hwe-22-04ubuntu-upgrade-linux-image-nvidia-hwe-22-04ubuntu-upgrade-linux-image-nvidia-lowlatencyubuntu-upgrade-linux-image-nvidia-lowlatency-5-15ubuntu-upgrade-linux-image-nvidia-lowlatency-6-8ubuntu-upgrade-linux-image-nvidia-lowlatency-64kubuntu-upgrade-linux-image-nvidia-lowlatency-64k-6-8ubuntu-upgrade-linux-image-nvidia-tegraubuntu-upgrade-linux-image-nvidia-tegra-5-15ubuntu-upgrade-linux-image-nvidia-tegra-igxubuntu-upgrade-linux-image-nvidia-tegra-igx-5-15ubuntu-upgrade-linux-image-nvidia-tegra-igx-rtubuntu-upgrade-linux-image-nvidia-tegra-igx-rt-5-15ubuntu-upgrade-linux-image-nvidia-tegra-rtubuntu-upgrade-linux-image-nvidia-tegra-rt-5-15ubuntu-upgrade-linux-image-oem-20-04ubuntu-upgrade-linux-image-oem-20-04bubuntu-upgrade-linux-image-oem-20-04cubuntu-upgrade-linux-image-oem-20-04dubuntu-upgrade-linux-image-oem-22-04ubuntu-upgrade-linux-image-oem-22-04aubuntu-upgrade-linux-image-oem-22-04bubuntu-upgrade-linux-image-oem-22-04cubuntu-upgrade-linux-image-oem-22-04dubuntu-upgrade-linux-image-oracleubuntu-upgrade-linux-image-oracle-5-15ubuntu-upgrade-linux-image-oracle-6-8ubuntu-upgrade-linux-image-oracle-64kubuntu-upgrade-linux-image-oracle-64k-6-8ubuntu-upgrade-linux-image-oracle-64k-lts-24-04ubuntu-upgrade-linux-image-oracle-lts-22-04ubuntu-upgrade-linux-image-oracle-lts-24-04ubuntu-upgrade-linux-image-raspiubuntu-upgrade-linux-image-raspi-5-15ubuntu-upgrade-linux-image-raspi-6-8ubuntu-upgrade-linux-image-raspi-nolpaeubuntu-upgrade-linux-image-raspi-realtimeubuntu-upgrade-linux-image-raspi-realtime-6-8ubuntu-upgrade-linux-image-realtimeubuntu-upgrade-linux-image-realtime-5-15ubuntu-upgrade-linux-image-realtime-6-8-1ubuntu-upgrade-linux-image-realtime-hwe-22-04ubuntu-upgrade-linux-image-virtualubuntu-upgrade-linux-image-virtual-5-15ubuntu-upgrade-linux-image-virtual-6-8ubuntu-upgrade-linux-image-virtual-hwe-20-04ubuntu-upgrade-linux-image-virtual-hwe-22-04ubuntu-upgrade-linux-image-xilinxubuntu-upgrade-linux-image-xilinx-6-8ubuntu-upgrade-linux-image-xilinx-zynqmpubuntu-upgrade-linux-image-xilinx-zynqmp-5-15
References
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.