Out of bounds bit shift vulnerability in Linux kernel affecting multiple products
CVE-2025-38530
What is CVE-2025-38530?
A vulnerability has been identified in the Linux kernel concerning the comedi driver for the pcl812 product. The flaw arises from improper validation of an integer value sourced from userspace, potentially leading to out-of-bounds bit shifts. Specifically, the check for a supported IRQ number can result in negative or excessive shift amounts when unchecked inputs are processed. This oversight necessitates an amendment to the existing validation logic to ensure that ‘it->options[1]’ is confined to valid IRQ range values, explicitly establishing that only numbers from 1 to 15 are permissible for selecting interrupts, while the value zero indicates that interrupts should not be utilized.
Affected Version(s)
Linux fcdb427bc7cf5e9e5d7280cf09c08dec49b49432 < 5bfa301e1e59a9b1a7b62a800b54852337c97416
Linux fcdb427bc7cf5e9e5d7280cf09c08dec49b49432 < 7e470d8efd10725b189ca8951973a8425932398a
Linux fcdb427bc7cf5e9e5d7280cf09c08dec49b49432