{"id":"CVE-2026-31751","summary":"comedi: dt2815: add hardware detection to prevent crash","details":"In the Linux kernel, the following vulnerability has been resolved:\n\ncomedi: dt2815: add hardware detection to prevent crash\n\nThe dt2815 driver crashes when attached to I/O ports without actual\nhardware present. This occurs because syzkaller or users can attach\nthe driver to arbitrary I/O addresses via COMEDI_DEVCONFIG ioctl.\n\nWhen no hardware exists at the specified port, inb() operations return\n0xff (floating bus), but outb() operations can trigger page faults due\nto undefined behavior, especially under race conditions:\n\n  BUG: unable to handle page fault for address: 000000007fffff90\n  #PF: supervisor write access in kernel mode\n  #PF: error_code(0x0002) - not-present page\n  RIP: 0010:dt2815_attach+0x6e0/0x1110\n\nAdd hardware detection by reading the status register before attempting\nany write operations. If the read returns 0xff, assume no hardware is\npresent and fail the attach with -ENODEV. This prevents crashes from\noutb() operations on non-existent hardware.","modified":"2026-07-08T07:01:41.000982672Z","published":"2026-05-01T14:14:43.551Z","database_specific":{"osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/31xxx/CVE-2026-31751.json","cna_assigner":"Linux"},"references":[{"type":"WEB","url":"https://git.kernel.org/stable/c/0dcf33994b8dcf3db36530fb7e2cf9f89e5cbac3"},{"type":"WEB","url":"https://git.kernel.org/stable/c/34b13250c618d7441508c6ef369144aa8a9b9bfa"},{"type":"WEB","url":"https://git.kernel.org/stable/c/34c8b3a91bdfbe4573650b4cd750ef639101fdc5"},{"type":"WEB","url":"https://git.kernel.org/stable/c/65c528fbeddd88478c210052f6c7b21be4973156"},{"type":"WEB","url":"https://git.kernel.org/stable/c/8d63161837f1bf8810dbcd2a583c2bbf5ca6d733"},{"type":"WEB","url":"https://git.kernel.org/stable/c/93853512f565e625df2397f0d8050d6aafd7c3ad"},{"type":"WEB","url":"https://git.kernel.org/stable/c/d2a786efdb9971f2a647724625da5bbecc994dc9"},{"type":"WEB","url":"https://git.kernel.org/stable/c/d5d9df8b08d68d083ac57abc2c887dfb1f31af63"},{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/31xxx/CVE-2026-31751.json"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2026-31751"},{"type":"PACKAGE","url":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","events":[{"introduced":"d6a929b7608ae157cef86d00cc580d1038f0b985"},{"fixed":"8d63161837f1bf8810dbcd2a583c2bbf5ca6d733"},{"fixed":"d2a786efdb9971f2a647724625da5bbecc994dc9"},{"fixed":"0dcf33994b8dcf3db36530fb7e2cf9f89e5cbac3"},{"fixed":"d5d9df8b08d68d083ac57abc2c887dfb1f31af63"},{"fixed":"65c528fbeddd88478c210052f6c7b21be4973156"},{"fixed":"34c8b3a91bdfbe4573650b4cd750ef639101fdc5"},{"fixed":"34b13250c618d7441508c6ef369144aa8a9b9bfa"},{"fixed":"93853512f565e625df2397f0d8050d6aafd7c3ad"}]}],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-31751.json"}},{"package":{"name":"Kernel","ecosystem":"Linux"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"2.6.30"},{"fixed":"5.10.253"}]},{"type":"ECOSYSTEM","events":[{"introduced":"5.11.0"},{"fixed":"5.15.203"}]},{"type":"ECOSYSTEM","events":[{"introduced":"5.16.0"},{"fixed":"6.1.168"}]},{"type":"ECOSYSTEM","events":[{"introduced":"6.2.0"},{"fixed":"6.6.134"}]},{"type":"ECOSYSTEM","events":[{"introduced":"6.7.0"},{"fixed":"6.12.81"}]},{"type":"ECOSYSTEM","events":[{"introduced":"6.13.0"},{"fixed":"6.18.22"}]},{"type":"ECOSYSTEM","events":[{"introduced":"6.19.0"},{"fixed":"6.19.12"}]}],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-31751.json"}}],"schema_version":"1.7.5"}