CVE-2025-38529
published 2025-08-16CVE-2025-38529: In the Linux kernel, the following vulnerability has been resolved: comedi: aio_iiro_16: Fix bit shift out of bounds When checking for a supported IRQ number…
high7.1CVSS 3.1
AVLACLPRLUINSUCHINAH
In the Linux kernel, the following vulnerability has been resolved:
comedi: aio_iiro_16: Fix bit shift out of bounds
When checking for a supported IRQ number, the following test is used:
if ((1 options[1]) & 0xdcfc) {
However, `it->options[i]` is an unchecked `int` value from userspace, so
the shift amount could be negative or out of bounds. Fix the test by
requiring `it->options[1]` to be within bounds before proceeding with
the original test. Valid `it->options[1]` values that select the IRQ
will be in the range [1,15]. The value 0 explicitly disables the use of
interrupts.
Affected
38 ranges· showing 25
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | debian_linux | — | — |
| debian | linux | < linux 6.1.147-1 (bookworm) | linux 6.1.147-1 (bookworm) |
| debian | linux-6.1 | < linux 6.1.147-1 (bookworm) | linux 6.1.147-1 (bookworm) |
| linux | linux | — | — |
| linux | linux | >= ad7a370c8be47247f68f7187cc82f4f25a347116 < a88692245c315bf8e225f205297a6f4b13d6856a | a88692245c315bf8e225f205297a6f4b13d6856a |
| linux | linux | >= ad7a370c8be47247f68f7187cc82f4f25a347116 < 5ac7c60439236fb691b8c7987390e2327bbf18fa | 5ac7c60439236fb691b8c7987390e2327bbf18fa |
| linux | linux | >= ad7a370c8be47247f68f7187cc82f4f25a347116 < c593215385f0c0163015cca4512ed3ff42875d19 | c593215385f0c0163015cca4512ed3ff42875d19 |
| linux | linux | >= ad7a370c8be47247f68f7187cc82f4f25a347116 < ff30dd3f15f443d2a0085b12ec2cc95d44f35fa7 | ff30dd3f15f443d2a0085b12ec2cc95d44f35fa7 |
| linux | linux | >= ad7a370c8be47247f68f7187cc82f4f25a347116 < 955e8835855fed8e87f7d8c8075564a1746c1b4c | 955e8835855fed8e87f7d8c8075564a1746c1b4c |
| linux | linux | >= ad7a370c8be47247f68f7187cc82f4f25a347116 < e0f3c0867d7d231c70984f05c97752caacd0daba | e0f3c0867d7d231c70984f05c97752caacd0daba |
| linux | linux | >= ad7a370c8be47247f68f7187cc82f4f25a347116 < 43ddd82e6a91913cea1c078e782afd8de60c3a53 | 43ddd82e6a91913cea1c078e782afd8de60c3a53 |
| linux | linux | >= ad7a370c8be47247f68f7187cc82f4f25a347116 < 66acb1586737a22dd7b78abc63213b1bcaa100e4 | 66acb1586737a22dd7b78abc63213b1bcaa100e4 |
| linux | linux_kernel | — | — |
| linux | linux_kernel | >= 0 < 5.10.244-1 | 5.10.244-1 |
| linux | linux_kernel | >= 0 < 6.1.147-1 | 6.1.147-1 |
| linux | linux_kernel | >= 0 < 6.12.41-1 | 6.12.41-1 |
| linux | linux_kernel | >= 0 < 6.16.3-1 | 6.16.3-1 |
| linux | linux_kernel | >= 0 < 5.15.0-163.173 | 5.15.0-163.173 |
| linux | linux_kernel | >= 0 < 6.8.0-100.100 | 6.8.0-100.100 |
| linux | linux_kernel | >= 4.0 < 5.4.297 | 5.4.297 |
| linux | linux_kernel | >= 5.11 < 5.15.190 | 5.15.190 |
| linux | linux_kernel | >= 5.16 < 6.1.147 | 6.1.147 |
| linux | linux_kernel | >= 5.5 < 5.10.241 | 5.10.241 |
| linux | linux_kernel | >= 6.13 < 6.15.8 | 6.15.8 |
| linux | linux_kernel | >= 6.2 < 6.6.100 | 6.6.100 |
CVSS provenance
nvdv3.17.1HIGHCVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
osv7.1HIGH