CVE-2026-31750

Source
https://cve.org/CVERecord?id=CVE-2026-31750
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-31750.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2026-31750
Downstream
Published
2026-05-01T14:14:42.887Z
Modified
2026-07-08T07:15:47.164607214Z
Summary
comedi: runflags cannot determine whether to reclaim chanlist
Details

In the Linux kernel, the following vulnerability has been resolved:

comedi: runflags cannot determine whether to reclaim chanlist

syzbot reported a memory leak [1], because commit 4e1da516debb ("comedi: Add reference counting for Comedi command handling") did not consider the exceptional exit case in docmdioctl() where runflags is not set. This caused chanlist not to be properly freed by dobecomenonbusy(), as it only frees chanlist when runflags is correctly set.

Added a check in dobecomenonbusy() for the case where runflags is not set, to properly free the chanlist memory.

[1] BUG: memory leak backtrace (crc 844a0efa): __comedigetuserchanlist drivers/comedi/comedifops.c:1815 [inline] docmdioctl.part.0+0x112/0x350 drivers/comedi/comedifops.c:1890 docmdioctl drivers/comedi/comedifops.c:1858 [inline]

Database specific
{
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/31xxx/CVE-2026-31750.json",
    "cna_assigner": "Linux"
}
References

Affected packages

Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

Affected ranges

Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
4e1da516debbe6a573ffa0392e2809d180d0575c
Fixed
830c848aba9f047eb6b34288975ebeb8e8621451
Fixed
29f644f14b89e6c4965e3c89251929e451190a66

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-31750.json"

Linux / Kernel

Package

Name
Kernel

Affected ranges

Type
ECOSYSTEM
Events
Introduced
6.19.0
Fixed
6.19.12

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-31750.json"