CVE-2026-31749

MEDIUM · CVSS 3.1 base score 5.5 · EPSS 2.4%
Published May 1, 2026 (1mo ago)
Last Modified Jun 17, 2026 (1w ago)

Description

In the Linux kernel, the following vulnerability has been resolved:

comedi: ni_atmio16d: Fix invalid clean-up after failed attach

If the driver's COMEDI "attach" handler function (`atmio16d_attach()`) returns an error, the COMEDI core will call the driver's "detach" handler function (`atmio16d_detach()`) to clean up. This calls `reset_atmio16d()` unconditionally, but depending on where the error occurred in the attach handler, the device may not have been sufficiently initialized to call `reset_atmio16d()`.

It uses `dev->iobase` as the I/O port base address and `dev->private` as the pointer to the COMEDI device's private data structure. `dev->iobase` may still be set to its initial value of 0, which would result in undesired writes to low I/O port addresses. `dev->private` may still be `NULL`, which would result in null pointer dereferences.

Fix `atmio16d_detach()` by checking that `dev->private` is valid (non-null) before calling `reset_atmio16d()`. This implies that `dev->iobase` was set correctly since that is set up before `dev->private`.
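The clean-up ordering problem described above, as a userspace C model added here for illustration (it is not the ni_atmio16d driver source or the upstream patch). The `model_*` names, the `0x300` base address, the register offset and the `fail_at` switch are assumptions; the simulated reset counts the faults instead of touching real ports or dereferencing NULL.

```c
#include <stdio.h>
#include <stdlib.h>

/* Constructed model: stands in for the COMEDI device and its private data. */
struct model_private { int cfg; };
struct model_dev {
    unsigned long iobase;            /* stays 0 until attach sets it */
    struct model_private *private;   /* stays NULL until attach allocates it */
};

static int low_port_writes;  /* port writes issued while iobase was still 0 */
static int null_derefs;      /* reset reached with private == NULL */

static void model_outw(unsigned v, unsigned long port)
{
    (void)v;
    if (port < 0x100) low_port_writes++;   /* would hit unrelated low I/O ports */
}

static void model_reset(struct model_dev *dev)
{
    model_outw(0, dev->iobase + 0);        /* register offset is a placeholder */
    if (!dev->private) { null_derefs++; return; }  /* the driver would oops here */
    dev->private->cfg = 0;
}

/* fail_at: 0 = success, 1 = fail before iobase is set, 2 = fail before private is set */
static int model_attach(struct model_dev *dev, int fail_at)
{
    if (fail_at == 1) return -1;
    dev->iobase = 0x300;                   /* iobase is set up before private */
    if (fail_at == 2) return -1;
    dev->private = calloc(1, sizeof(*dev->private));
    return dev->private ? 0 : -1;
}

static void model_detach(struct model_dev *dev, int guarded)
{
    if (!guarded || dev->private)          /* guarded form: reset only if private is set */
        model_reset(dev);
    free(dev->private);
    dev->private = NULL;
}

/* Runs attach then detach (the core also calls detach after a failed attach);
 * returns the number of faults the detach path would have caused. */
static int run_case(int fail_at, int guarded)
{
    struct model_dev dev = {0};
    low_port_writes = null_derefs = 0;
    model_attach(&dev, fail_at);
    model_detach(&dev, guarded);
    return low_port_writes + null_derefs;
}
```

`run_case(1, 0)` reports both a low-port write and a NULL dereference, `run_case(2, 0)` only the NULL dereference, and every guarded case reports none.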

CVSS Details

Base Score
5.5
Exploitability
1.8
Impact
3.6
Vector string
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Attack Vector Local
Attack Complexity Low
Privileges Required Low
User Interaction None
Scope Unchanged
Confidentiality None
Integrity None
Availability High

Threat Intelligence

EPSS Exploit Probability
2.4% percentile
Exploit & Patch Status
No Known Exploit
Patch Available

Weaknesses 1

CWE-476 NULL Pointer Dereference Memory Safety

Affected Products 13

Vendor   Product        Version   Range
linux    linux_kernel   *         ≥2.6.30 – <5.10.253
linux    linux_kernel   *         ≥5.11 – <5.15.203
linux    linux_kernel   *         ≥5.16 – <6.1.168
linux    linux_kernel   *         ≥6.2 – <6.6.134
linux    linux_kernel   *         ≥6.7 – <6.12.81
linux    linux_kernel   *         ≥6.13 – <6.18.22
linux    linux_kernel   *         ≥6.19 – <6.19.12
linux    linux_kernel   7.0       any
linux    linux_kernel   7.0       any
linux    linux_kernel   7.0       any
linux    linux_kernel   7.0       any
linux    linux_kernel   7.0       any
linux    linux_kernel   7.0       any

References 8

  • git.kernel.org https://git.kernel.org/stable/c/101ab946b79ad83b36d5cfd47de587492a80acf0
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/3848ae00b1642e2c98ff8cbfd2d3b38c6f53b5c3
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/43c68a2c7cc35b7c2a83c285cb4ad3d472b8caa2
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/5d8d88c8c0eec230de8f1f60e0920a4337939a88
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/933a2d6a95f9bfb203e562c9be1dd990c735535c
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/a01dd339ea6ac58b0967a50085622a6017351140
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/d07d97ca4f7fac467cdcf4a012690853958b7e89
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/f517646e008fe99ca1800601cd011b110f8684ae
    Patch

Remediation

  • git.kernel.org https://git.kernel.org/stable/c/101ab946b79ad83b36d5cfd47de587492a80acf0
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/3848ae00b1642e2c98ff8cbfd2d3b38c6f53b5c3
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/43c68a2c7cc35b7c2a83c285cb4ad3d472b8caa2
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/5d8d88c8c0eec230de8f1f60e0920a4337939a88
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/933a2d6a95f9bfb203e562c9be1dd990c735535c
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/a01dd339ea6ac58b0967a50085622a6017351140
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/d07d97ca4f7fac467cdcf4a012690853958b7e89
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/f517646e008fe99ca1800601cd011b110f8684ae
    Patch