CVE-2025-38530 Information

Aug 17, 2025 cve

Description

In the Linux kernel the following vulnerability has been resolved:

comedi: pcl812: Fix bit shift out of bounds

When checking for a supported IRQ number the following test is used:

if ((1 << it->options[1]) & board->irq_bits)

However it->options[i] is an unchecked int value from userspace so the shift amount could be negative or out of bounds. Fix the test by requiring it->options[1] to be within bounds before proceeding with the original test. Valid it->options[1] values that select the IRQ will be in the range [115]. The value 0 explicitly disables the use of interrupts.

Reference

https://git.kernel.org/stable/c/16c173abee315953fd17a279352fec4a1faee862 https://git.kernel.org/stable/c/5bfa301e1e59a9b1a7b62a800b54852337c97416 https://git.kernel.org/stable/c/7e470d8efd10725b189ca8951973a8425932398a https://git.kernel.org/stable/c/a27e27eee313fe1c450b6af1e80e64412546cab4 https://git.kernel.org/stable/c/b14b076ce593f72585412fc7fd3747e03a5e3632

CNNVD-202508-1949 (Published: 2025-08-16)

Share on:

CVE-2025-38530 Information

Description

Reference

Related CNNVD