In the Linux kernel, the following vulnerability has been resolved:
comedi: runflags cannot determine whether to reclaim chanlist
syzbot reported a memory leak [1], because commit 4e1da516debb ("comedi: Add reference counting for Comedi command handling") did not consider the exceptional exit case in docmdioctl() where runflags is not set. This caused chanlist not to be properly freed by dobecomenonbusy(), as it only frees chanlist when runflags is correctly set.
Added a check in dobecomenonbusy() for the case where runflags is not set, to properly free the chanlist memory.
[1] BUG: memory leak backtrace (crc 844a0efa): __comedigetuserchanlist drivers/comedi/comedifops.c:1815 [inline] docmdioctl.part.0+0x112/0x350 drivers/comedi/comedifops.c:1890 docmdioctl drivers/comedi/comedifops.c:1858 [inline]
{
"osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/31xxx/CVE-2026-31750.json",
"cna_assigner": "Linux"
}