Linux Kernel Vulnerability in Comedi Driver by The Linux Foundation
CVE-2025-38482
What is CVE-2025-38482?
A vulnerability exists in the Comedi driver of the Linux kernel, where the handling of IRQ numbers relies on unchecked values from userspace. This flaw arises when an invalid test is conducted on the shift amount, potentially leading to dangerous out-of-bounds operations. The fix requires validations to ensure that the value for it->options[1] remains within the acceptable range of [1,15], thereby averting potential disruptions caused by negative or excessive values. The consequence of exploiting this vulnerability could facilitate unwanted system behavior, making it crucial for users to update their Linux kernel versions.
Affected Version(s)
Linux 79e5e6addbb18bf56075f0ff552094a28636dd03
Linux 79e5e6addbb18bf56075f0ff552094a28636dd03 < 8a3637027ceeba4ca5e500b23cb7d24c25592513
Linux 79e5e6addbb18bf56075f0ff552094a28636dd03 < 3eab654f5d199ecd45403c6588cda63e491fcfca