{"id":"CVE-2025-68258","summary":"comedi: multiq3: sanitize config options in multiq3_attach()","details":"In the Linux kernel, the following vulnerability has been resolved:\n\ncomedi: multiq3: sanitize config options in multiq3_attach()\n\nSyzbot identified an issue [1] in multiq3_attach() that induces a\ntask timeout due to open() or COMEDI_DEVCONFIG ioctl operations,\nspecifically, in the case of multiq3 driver.\n\nThis problem arose when syzkaller managed to craft weird configuration\noptions used to specify the number of channels in encoder subdevice.\nIf a particularly great number is passed to s-\u003en_chan in\nmultiq3_attach() via it-\u003eoptions[2], then multiple calls to\nmultiq3_encoder_reset() at the end of driver-specific attach() method\nwill be running for minutes, thus blocking tasks and affected devices\nas well.\n\nWhile this issue is most likely not too dangerous for real-life\ndevices, it still makes sense to sanitize configuration inputs. Enable\na sensible limit on the number of encoder chips (4 chips max, each\nwith 2 channels) to stop this behaviour from manifesting.\n\n[1] Syzbot crash:\nINFO: task syz.2.19:6067 blocked for more than 143 seconds.\n...\nCall Trace:\n \u003cTASK\u003e\n context_switch kernel/sched/core.c:5254 [inline]\n __schedule+0x17c4/0x4d60 kernel/sched/core.c:6862\n __schedule_loop kernel/sched/core.c:6944 [inline]\n schedule+0x165/0x360 kernel/sched/core.c:6959\n schedule_preempt_disabled+0x13/0x30 kernel/sched/core.c:7016\n __mutex_lock_common kernel/locking/mutex.c:676 [inline]\n __mutex_lock+0x7e6/0x1350 kernel/locking/mutex.c:760\n comedi_open+0xc0/0x590 drivers/comedi/comedi_fops.c:2868\n chrdev_open+0x4cc/0x5e0 fs/char_dev.c:414\n do_dentry_open+0x953/0x13f0 fs/open.c:965\n vfs_open+0x3b/0x340 fs/open.c:1097\n...","modified":"2026-04-02T13:03:27.997935Z","published":"2025-12-16T14:45:00.920Z","related":["SUSE-SU-2026:0278-1","SUSE-SU-2026:0281-1","SUSE-SU-2026:0293-1","SUSE-SU-2026:0315-1","SUSE-SU-2026:20207-1","SUSE-SU-2026:20220-1","SUSE-SU-2026:20228-1","SUSE-SU-2026:20477-1","SUSE-SU-2026:20498-1","SUSE-SU-2026:20845-1","SUSE-SU-2026:20876-1","openSUSE-SU-2025:15836-1","openSUSE-SU-2026:10301-1","openSUSE-SU-2026:20145-1"],"database_specific":{"cna_assigner":"Linux","osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/68xxx/CVE-2025-68258.json"},"references":[{"type":"WEB","url":"https://git.kernel.org/stable/c/049f14557450351750f929ebfff36d849511e132"},{"type":"WEB","url":"https://git.kernel.org/stable/c/4cde9a7e025cc09b88097c70606f6b30c22880f4"},{"type":"WEB","url":"https://git.kernel.org/stable/c/543f4c380c2e1f35e60528df7cb54705cda7fee3"},{"type":"WEB","url":"https://git.kernel.org/stable/c/8952bc1973cd54158c35e06bfb8c29ace7375a48"},{"type":"WEB","url":"https://git.kernel.org/stable/c/8dc2f02d3bada9247f00bfd2e5f61f68c389a0a3"},{"type":"WEB","url":"https://git.kernel.org/stable/c/ad7ed3c9c7b8408e8612697bc43a5441fe386c71"},{"type":"WEB","url":"https://git.kernel.org/stable/c/f24c6e3a39fa355dabfb684c9ca82db579534e72"},{"type":"WEB","url":"https://git.kernel.org/stable/c/f9ff87aac7b37d462246c46d28912d382a8e2ea6"},{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/68xxx/CVE-2025-68258.json"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2025-68258"},{"type":"PACKAGE","url":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","events":[{"introduced":"77e01cdbad5175f56027fd6fae00bd0fc175651a"},{"fixed":"f9ff87aac7b37d462246c46d28912d382a8e2ea6"},{"fixed":"4cde9a7e025cc09b88097c70606f6b30c22880f4"},{"fixed":"ad7ed3c9c7b8408e8612697bc43a5441fe386c71"},{"fixed":"049f14557450351750f929ebfff36d849511e132"},{"fixed":"8952bc1973cd54158c35e06bfb8c29ace7375a48"},{"fixed":"8dc2f02d3bada9247f00bfd2e5f61f68c389a0a3"},{"fixed":"543f4c380c2e1f35e60528df7cb54705cda7fee3"},{"fixed":"f24c6e3a39fa355dabfb684c9ca82db579534e72"}]}],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-68258.json"}},{"package":{"name":"Kernel","ecosystem":"Linux"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"2.6.30"},{"fixed":"5.10.248"}]},{"type":"ECOSYSTEM","events":[{"introduced":"5.11.0"},{"fixed":"5.15.198"}]},{"type":"ECOSYSTEM","events":[{"introduced":"5.16.0"},{"fixed":"6.1.160"}]},{"type":"ECOSYSTEM","events":[{"introduced":"6.2.0"},{"fixed":"6.6.120"}]},{"type":"ECOSYSTEM","events":[{"introduced":"6.7.0"},{"fixed":"6.12.62"}]},{"type":"ECOSYSTEM","events":[{"introduced":"6.13.0"},{"fixed":"6.17.12"}]},{"type":"ECOSYSTEM","events":[{"introduced":"6.18.0"},{"fixed":"6.18.1"}]}],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-68258.json"}}],"schema_version":"1.7.5"}