Potential Out-of-Bounds Shift Vulnerability in Linux Kernel
CVE-2025-38529
What is CVE-2025-38529?
A vulnerability exists in the Linux kernel's comedi driver due to improper handling of an unchecked integer value from user input, specifically during the test for whether an IRQ number is supported. The kernel shifts bits by a count taken from user-defined options, so negative or excessively high values may lead to unexpected behavior or system instability. The fix makes the test accept only valid IRQ values, ensuring that inputs fall within the safe range of [1,15]. A value of 0 is specifically designated to disable interrupts. This fix mitigates potential risks associated with out-of-bounds bit shifting.
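The shift-before-check pattern described above, next to a range-checked form, as an added example in C that is not the driver's own code. The function names, the mask value, and the -1 "reject" return are assumptions made for illustration.

```c
#include <limits.h>
#include <stdbool.h>
#include <stdio.h>

/* Constructed mask of IRQ lines a hypothetical board supports
 * (bits 3, 5, 7, 10 and 11); not a value taken from the driver. */
#define SUPPORTED_IRQ_MASK 0x0ca8u

/* Pre-fix pattern: the shift count is the raw user-supplied option.
 * A negative count, or one >= the width of int, is undefined behaviour
 * in C, so this function is only safe for already validated input. */
bool irq_supported_unchecked(int irq)
{
	return ((1 << irq) & SUPPORTED_IRQ_MASK) != 0;
}

/* Post-fix pattern: the range test short-circuits, so the shift is
 * evaluated only for irq in [1,15]. */
bool irq_supported_checked(int irq)
{
	return irq >= 1 && irq <= 15 &&
	       ((1u << irq) & SUPPORTED_IRQ_MASK) != 0;
}

/* Hypothetical attach-time decision:
 *   0  -> interrupts disabled (option was 0)
 *   >0 -> IRQ number to request
 *   -1 -> option rejected (out of range or not in the mask) */
int select_irq(int user_option)
{
	if (user_option == 0)
		return 0;
	return irq_supported_checked(user_option) ? user_option : -1;
}

int main(void)
{
	/* Constructed sample options, including out-of-range values. */
	const int samples[] = { 0, 5, 4, 15, 16, 32, -1, INT_MAX, INT_MIN };

	for (size_t i = 0; i < sizeof(samples) / sizeof(samples[0]); i++)
		printf("option %d -> %d\n", samples[i], select_irq(samples[i]));
	return 0;
}
```

Building the unchecked form with `-fsanitize=shift` (GCC or Clang) and feeding it an out-of-range value makes the sanitizer report the invalid shift exponent at run time.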
Affected Version(s)
Linux ad7a370c8be47247f68f7187cc82f4f25a347116
Linux ad7a370c8be47247f68f7187cc82f4f25a347116 < 955e8835855fed8e87f7d8c8075564a1746c1b4c