{"api_version":"1","generated_at":"2026-05-02T08:50:55+00:00","cve":"CVE-2026-31749","urls":{"html":"https://cve.report/CVE-2026-31749","api":"https://cve.report/api/cve/CVE-2026-31749.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2026-31749","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2026-31749"},"summary":{"title":"comedi: ni_atmio16d: Fix invalid clean-up after failed attach","description":"In the Linux kernel, the following vulnerability has been resolved:\n\ncomedi: ni_atmio16d: Fix invalid clean-up after failed attach\n\nIf the driver's COMEDI \"attach\" handler function (`atmio16d_attach()`)\nreturns an error, the COMEDI core will call the driver's \"detach\"\nhandler function (`atmio16d_detach()`) to clean up.  This calls\n`reset_atmio16d()` unconditionally, but depending on where the error\noccurred in the attach handler, the device may not have been\nsufficiently initialized to call `reset_atmio16d()`.  It uses\n`dev->iobase` as the I/O port base address and `dev->private` as the\npointer to the COMEDI device's private data structure.  `dev->iobase`\nmay still be set to its initial value of 0, which would result in\nundesired writes to low I/O port addresses.  `dev->private` may still be\n`NULL`, which would result in null pointer dereferences.\n\nFix `atmio16d_detach()` by checking that `dev->private` is valid\n(non-null) before calling `reset_atmio16d()`.  This implies that\n`dev->iobase` was set correctly since that is set up before\n`dev->private`.","state":"PUBLISHED","assigner":"Linux","published_at":"2026-05-01 15:16:37","updated_at":"2026-05-01 15:24:14"},"problem_types":[],"metrics":[],"references":[{"url":"https://git.kernel.org/stable/c/f517646e008fe99ca1800601cd011b110f8684ae","name":"https://git.kernel.org/stable/c/f517646e008fe99ca1800601cd011b110f8684ae","refsource":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":[],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://git.kernel.org/stable/c/3848ae00b1642e2c98ff8cbfd2d3b38c6f53b5c3","name":"https://git.kernel.org/stable/c/3848ae00b1642e2c98ff8cbfd2d3b38c6f53b5c3","refsource":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":[],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://git.kernel.org/stable/c/101ab946b79ad83b36d5cfd47de587492a80acf0","name":"https://git.kernel.org/stable/c/101ab946b79ad83b36d5cfd47de587492a80acf0","refsource":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":[],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://git.kernel.org/stable/c/d07d97ca4f7fac467cdcf4a012690853958b7e89","name":"https://git.kernel.org/stable/c/d07d97ca4f7fac467cdcf4a012690853958b7e89","refsource":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":[],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://git.kernel.org/stable/c/933a2d6a95f9bfb203e562c9be1dd990c735535c","name":"https://git.kernel.org/stable/c/933a2d6a95f9bfb203e562c9be1dd990c735535c","refsource":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":[],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://git.kernel.org/stable/c/a01dd339ea6ac58b0967a50085622a6017351140","name":"https://git.kernel.org/stable/c/a01dd339ea6ac58b0967a50085622a6017351140","refsource":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":[],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://git.kernel.org/stable/c/5d8d88c8c0eec230de8f1f60e0920a4337939a88","name":"https://git.kernel.org/stable/c/5d8d88c8c0eec230de8f1f60e0920a4337939a88","refsource":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":[],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://git.kernel.org/stable/c/43c68a2c7cc35b7c2a83c285cb4ad3d472b8caa2","name":"https://git.kernel.org/stable/c/43c68a2c7cc35b7c2a83c285cb4ad3d472b8caa2","refsource":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":[],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://www.cve.org/CVERecord?id=CVE-2026-31749","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-31749","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[{"source":"CNA","vendor":"Linux","product":"Linux","version":"affected 2323b276308a5da5774b778f39c7fd94b2a3022a a01dd339ea6ac58b0967a50085622a6017351140 git","platforms":[]},{"source":"CNA","vendor":"Linux","product":"Linux","version":"affected 2323b276308a5da5774b778f39c7fd94b2a3022a 933a2d6a95f9bfb203e562c9be1dd990c735535c git","platforms":[]},{"source":"CNA","vendor":"Linux","product":"Linux","version":"affected 2323b276308a5da5774b778f39c7fd94b2a3022a 5d8d88c8c0eec230de8f1f60e0920a4337939a88 git","platforms":[]},{"source":"CNA","vendor":"Linux","product":"Linux","version":"affected 2323b276308a5da5774b778f39c7fd94b2a3022a f517646e008fe99ca1800601cd011b110f8684ae git","platforms":[]},{"source":"CNA","vendor":"Linux","product":"Linux","version":"affected 2323b276308a5da5774b778f39c7fd94b2a3022a 3848ae00b1642e2c98ff8cbfd2d3b38c6f53b5c3 git","platforms":[]},{"source":"CNA","vendor":"Linux","product":"Linux","version":"affected 2323b276308a5da5774b778f39c7fd94b2a3022a 43c68a2c7cc35b7c2a83c285cb4ad3d472b8caa2 git","platforms":[]},{"source":"CNA","vendor":"Linux","product":"Linux","version":"affected 2323b276308a5da5774b778f39c7fd94b2a3022a d07d97ca4f7fac467cdcf4a012690853958b7e89 git","platforms":[]},{"source":"CNA","vendor":"Linux","product":"Linux","version":"affected 2323b276308a5da5774b778f39c7fd94b2a3022a 101ab946b79ad83b36d5cfd47de587492a80acf0 git","platforms":[]},{"source":"CNA","vendor":"Linux","product":"Linux","version":"affected 2.6.30","platforms":[]},{"source":"CNA","vendor":"Linux","product":"Linux","version":"unaffected 2.6.30 semver","platforms":[]},{"source":"CNA","vendor":"Linux","product":"Linux","version":"unaffected 5.10.253 5.10.* semver","platforms":[]},{"source":"CNA","vendor":"Linux","product":"Linux","version":"unaffected 5.15.203 5.15.* semver","platforms":[]},{"source":"CNA","vendor":"Linux","product":"Linux","version":"unaffected 6.1.168 6.1.* semver","platforms":[]},{"source":"CNA","vendor":"Linux","product":"Linux","version":"unaffected 6.6.134 6.6.* semver","platforms":[]},{"source":"CNA","vendor":"Linux","product":"Linux","version":"unaffected 6.12.81 6.12.* semver","platforms":[]},{"source":"CNA","vendor":"Linux","product":"Linux","version":"unaffected 6.18.22 6.18.* semver","platforms":[]},{"source":"CNA","vendor":"Linux","product":"Linux","version":"unaffected 6.19.12 6.19.* semver","platforms":[]},{"source":"CNA","vendor":"Linux","product":"Linux","version":"unaffected 7.0 * original_commit_for_fix","platforms":[]}],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[]},"source_records":{"cve_program":{"containers":{"cna":{"affected":[{"defaultStatus":"unaffected","product":"Linux","programFiles":["drivers/comedi/drivers/ni_atmio16d.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","vendor":"Linux","versions":[{"lessThan":"a01dd339ea6ac58b0967a50085622a6017351140","status":"affected","version":"2323b276308a5da5774b778f39c7fd94b2a3022a","versionType":"git"},{"lessThan":"933a2d6a95f9bfb203e562c9be1dd990c735535c","status":"affected","version":"2323b276308a5da5774b778f39c7fd94b2a3022a","versionType":"git"},{"lessThan":"5d8d88c8c0eec230de8f1f60e0920a4337939a88","status":"affected","version":"2323b276308a5da5774b778f39c7fd94b2a3022a","versionType":"git"},{"lessThan":"f517646e008fe99ca1800601cd011b110f8684ae","status":"affected","version":"2323b276308a5da5774b778f39c7fd94b2a3022a","versionType":"git"},{"lessThan":"3848ae00b1642e2c98ff8cbfd2d3b38c6f53b5c3","status":"affected","version":"2323b276308a5da5774b778f39c7fd94b2a3022a","versionType":"git"},{"lessThan":"43c68a2c7cc35b7c2a83c285cb4ad3d472b8caa2","status":"affected","version":"2323b276308a5da5774b778f39c7fd94b2a3022a","versionType":"git"},{"lessThan":"d07d97ca4f7fac467cdcf4a012690853958b7e89","status":"affected","version":"2323b276308a5da5774b778f39c7fd94b2a3022a","versionType":"git"},{"lessThan":"101ab946b79ad83b36d5cfd47de587492a80acf0","status":"affected","version":"2323b276308a5da5774b778f39c7fd94b2a3022a","versionType":"git"}]},{"defaultStatus":"affected","product":"Linux","programFiles":["drivers/comedi/drivers/ni_atmio16d.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","vendor":"Linux","versions":[{"status":"affected","version":"2.6.30"},{"lessThan":"2.6.30","status":"unaffected","version":"0","versionType":"semver"},{"lessThanOrEqual":"5.10.*","status":"unaffected","version":"5.10.253","versionType":"semver"},{"lessThanOrEqual":"5.15.*","status":"unaffected","version":"5.15.203","versionType":"semver"},{"lessThanOrEqual":"6.1.*","status":"unaffected","version":"6.1.168","versionType":"semver"},{"lessThanOrEqual":"6.6.*","status":"unaffected","version":"6.6.134","versionType":"semver"},{"lessThanOrEqual":"6.12.*","status":"unaffected","version":"6.12.81","versionType":"semver"},{"lessThanOrEqual":"6.18.*","status":"unaffected","version":"6.18.22","versionType":"semver"},{"lessThanOrEqual":"6.19.*","status":"unaffected","version":"6.19.12","versionType":"semver"},{"lessThanOrEqual":"*","status":"unaffected","version":"7.0","versionType":"original_commit_for_fix"}]}],"cpeApplicability":[{"nodes":[{"cpeMatch":[{"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionEndExcluding":"5.10.253","versionStartIncluding":"2.6.30","vulnerable":true},{"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionEndExcluding":"5.15.203","versionStartIncluding":"2.6.30","vulnerable":true},{"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionEndExcluding":"6.1.168","versionStartIncluding":"2.6.30","vulnerable":true},{"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionEndExcluding":"6.6.134","versionStartIncluding":"2.6.30","vulnerable":true},{"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionEndExcluding":"6.12.81","versionStartIncluding":"2.6.30","vulnerable":true},{"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionEndExcluding":"6.18.22","versionStartIncluding":"2.6.30","vulnerable":true},{"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionEndExcluding":"6.19.12","versionStartIncluding":"2.6.30","vulnerable":true},{"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionEndExcluding":"7.0","versionStartIncluding":"2.6.30","vulnerable":true}],"negate":false,"operator":"OR"}]}],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\ncomedi: ni_atmio16d: Fix invalid clean-up after failed attach\n\nIf the driver's COMEDI \"attach\" handler function (`atmio16d_attach()`)\nreturns an error, the COMEDI core will call the driver's \"detach\"\nhandler function (`atmio16d_detach()`) to clean up.  This calls\n`reset_atmio16d()` unconditionally, but depending on where the error\noccurred in the attach handler, the device may not have been\nsufficiently initialized to call `reset_atmio16d()`.  It uses\n`dev->iobase` as the I/O port base address and `dev->private` as the\npointer to the COMEDI device's private data structure.  `dev->iobase`\nmay still be set to its initial value of 0, which would result in\nundesired writes to low I/O port addresses.  `dev->private` may still be\n`NULL`, which would result in null pointer dereferences.\n\nFix `atmio16d_detach()` by checking that `dev->private` is valid\n(non-null) before calling `reset_atmio16d()`.  This implies that\n`dev->iobase` was set correctly since that is set up before\n`dev->private`."}],"providerMetadata":{"dateUpdated":"2026-05-01T14:14:42.227Z","orgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","shortName":"Linux"},"references":[{"url":"https://git.kernel.org/stable/c/a01dd339ea6ac58b0967a50085622a6017351140"},{"url":"https://git.kernel.org/stable/c/933a2d6a95f9bfb203e562c9be1dd990c735535c"},{"url":"https://git.kernel.org/stable/c/5d8d88c8c0eec230de8f1f60e0920a4337939a88"},{"url":"https://git.kernel.org/stable/c/f517646e008fe99ca1800601cd011b110f8684ae"},{"url":"https://git.kernel.org/stable/c/3848ae00b1642e2c98ff8cbfd2d3b38c6f53b5c3"},{"url":"https://git.kernel.org/stable/c/43c68a2c7cc35b7c2a83c285cb4ad3d472b8caa2"},{"url":"https://git.kernel.org/stable/c/d07d97ca4f7fac467cdcf4a012690853958b7e89"},{"url":"https://git.kernel.org/stable/c/101ab946b79ad83b36d5cfd47de587492a80acf0"}],"title":"comedi: ni_atmio16d: Fix invalid clean-up after failed attach","x_generator":{"engine":"bippy-1.2.0"}}},"cveMetadata":{"assignerOrgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","assignerShortName":"Linux","cveId":"CVE-2026-31749","datePublished":"2026-05-01T14:14:42.227Z","dateReserved":"2026-03-09T15:48:24.139Z","dateUpdated":"2026-05-01T14:14:42.227Z","state":"PUBLISHED"},"dataType":"CVE_RECORD","dataVersion":"5.2"},"nvd":{"publishedDate":"2026-05-01 15:16:37","lastModifiedDate":"2026-05-01 15:24:14","problem_types":[],"metrics":[],"configurations":[]},"legacy_mitre":{"record":{"CveYear":"2026","CveId":"31749","Ordinal":"1","Title":"comedi: ni_atmio16d: Fix invalid clean-up after failed attach","CVE":"CVE-2026-31749","Year":"2026"},"notes":[{"CveYear":"2026","CveId":"31749","Ordinal":"1","NoteData":"In the Linux kernel, the following vulnerability has been resolved:\n\ncomedi: ni_atmio16d: Fix invalid clean-up after failed attach\n\nIf the driver's COMEDI \"attach\" handler function (`atmio16d_attach()`)\nreturns an error, the COMEDI core will call the driver's \"detach\"\nhandler function (`atmio16d_detach()`) to clean up.  This calls\n`reset_atmio16d()` unconditionally, but depending on where the error\noccurred in the attach handler, the device may not have been\nsufficiently initialized to call `reset_atmio16d()`.  It uses\n`dev->iobase` as the I/O port base address and `dev->private` as the\npointer to the COMEDI device's private data structure.  `dev->iobase`\nmay still be set to its initial value of 0, which would result in\nundesired writes to low I/O port addresses.  `dev->private` may still be\n`NULL`, which would result in null pointer dereferences.\n\nFix `atmio16d_detach()` by checking that `dev->private` is valid\n(non-null) before calling `reset_atmio16d()`.  This implies that\n`dev->iobase` was set correctly since that is set up before\n`dev->private`.","Type":"Description","Title":"comedi: ni_atmio16d: Fix invalid clean-up after failed attach"}]}}}