CVE-2025-38483 Information

Description

In the Linux kernel, the following vulnerability has been resolved:

comedi: das16m1: Fix bit shift out of bounds

When checking for a supported IRQ number the following test is used:

/* only irqs 2 3 4 5 6 7 10 11 12 14 and 15 are valid */
if ((1 << it->options[1]) & 0xdcfc)

However, it->options[1] is an unchecked int value from userspace, so the shift amount could be negative or out of bounds. Fix the test by requiring it->options[1] to be within bounds before proceeding with the original test.
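The check described above, shown as a stand-alone user-space C example that is added here and is not the kernel patch: the unchecked shift next to a bounded version. The function and macro names are hypothetical, and the bounds 2..15 are an assumption derived from the lowest and highest bits set in the 0xdcfc mask.

```c
#include <limits.h>
#include <stdbool.h>
#include <stdio.h>

/* Hypothetical names; only the 0xdcfc mask and the shift come from the page. */
#define IRQ_MASK 0xdcfcu /* bits 2-7, 10-12, 14 and 15 */

/* Unchecked form: a negative irq, or one >= the width of int, makes the
 * shift undefined behaviour, so only call this with known-good values. */
static bool irq_supported_unchecked(int irq)
{
    return ((1 << irq) & IRQ_MASK) != 0;
}

/* Bounded form: range-check first, then apply the original mask test.
 * The bounds 2..15 are the lowest and highest bits set in IRQ_MASK. */
static bool irq_supported_checked(int irq)
{
    if (irq < 2 || irq > 15)
        return false;
    return ((1u << irq) & IRQ_MASK) != 0;
}

/* Count values in [lo, hi] that the bounded test accepts. */
static int count_accepted(int lo, int hi)
{
    int n = 0;
    for (long v = lo; v <= hi; v++)
        n += irq_supported_checked((int)v) ? 1 : 0;
    return n;
}

int main(void)
{
    /* Constructed sample inputs, as userspace could supply them. */
    const int samples[] = { INT_MIN, -1, 0, 5, 8, 15, 16, 32, INT_MAX };

    for (size_t i = 0; i < sizeof(samples) / sizeof(samples[0]); i++)
        printf("irq %d -> %s\n", samples[i],
               irq_supported_checked(samples[i]) ? "accepted" : "rejected");
    /* In range, both forms agree. */
    printf("irq 5 unchecked: %d\n", irq_supported_unchecked(5));
    printf("accepted in [-64, 64]: %d\n", count_accepted(-64, 64));
    return 0;
}
```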

Reference

https://git.kernel.org/stable/c/076b13ee60eb01ed0d140ef261f95534562a3077
https://git.kernel.org/stable/c/65c03e6fc524eb2868abedffd8a4613d78abc288
https://git.kernel.org/stable/c/adb7df8a8f9d788423e161b779764527dd3ec2d0
https://git.kernel.org/stable/c/ed93c6f68a3be06e4e0c331c6e751f462dee3932
https://git.kernel.org/stable/c/f211572818ed5bec2b3f5d4e0719ef8699b3c269

CNNVD-202507-3461 (Published: 2025-07-28)
