-

CVE-2025-38482

EPSS 0.04%
Published 28.07.2025 11:21:47
Last modified 28.08.2025 15:15:50
Source 416baaa9-dc9f-4396-8d5f-8c081f
Teams watchlist Login
Open Login

In the Linux kernel, the following vulnerability has been resolved:

comedi: das6402: Fix bit shift out of bounds

When checking for a supported IRQ number, the following test is used:

	/* IRQs 2,3,5,6,7, 10,11,15 are valid for "enhanced" mode */
	if ((1 << it->options[1]) & 0x8cec) {

However, `it->options[i]` is an unchecked `int` value from userspace, so
the shift amount could be negative or out of bounds.  Fix the test by
requiring `it->options[1]` to be within bounds before proceeding with
the original test.  Valid `it->options[1]` values that select the IRQ
will be in the range [1,15]. The value 0 explicitly disables the use of
interrupts.

Affected products Warnungen 0 Metrics 1 CWE 0 References 11

Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD

This information is available to logged-in users.

Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).

VendorLinux

≫

Product Linux

Default Statusunaffected

Version < a15e9c175f783298c4ee48146be6841335400406

Version 79e5e6addbb18bf56075f0ff552094a28636dd03

Status affected

Version < de8da1063cce9234d55c8270d9bdf4cf84411c80

Version 79e5e6addbb18bf56075f0ff552094a28636dd03

Status affected

Version < 73f34d609397805c20d6b2ef5c07a4cbf7c4d63a

Version 79e5e6addbb18bf56075f0ff552094a28636dd03

Status affected

Version < a18a42e77545afcacd6a2b8d9fc16191b87454df

Version 79e5e6addbb18bf56075f0ff552094a28636dd03

Status affected

Version < 8a3637027ceeba4ca5e500b23cb7d24c25592513

Version 79e5e6addbb18bf56075f0ff552094a28636dd03

Status affected

Version < 3eab654f5d199ecd45403c6588cda63e491fcfca

Version 79e5e6addbb18bf56075f0ff552094a28636dd03

Status affected

Version < 4a3c18cde02e35aba87e0ad5672b3e1c72dda5a4

Version 79e5e6addbb18bf56075f0ff552094a28636dd03

Status affected

Version < 70f2b28b5243df557f51c054c20058ae207baaac

Version 79e5e6addbb18bf56075f0ff552094a28636dd03

Status affected

VendorLinux

≫

Product Linux

Default Statusaffected

Version 3.15

Status affected

Version < 3.15

Version 0

Status unaffected

Version <= 5.4.*

Version 5.4.297

Status unaffected

Version <= 5.10.*

Version 5.10.241

Status unaffected

Version <= 5.15.*

Version 5.15.190

Status unaffected

Version <= 6.1.*

Version 6.1.147

Status unaffected

Version <= 6.6.*

Version 6.6.100

Status unaffected

Version <= 6.12.*

Version 6.12.40

Status unaffected

Version <= 6.15.*

Version 6.15.8

Status unaffected

Version <= *

Version 6.16

Status unaffected

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.04%	0.103

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string

https://git.kernel.org/stable/c/a18a42e77545afcacd6a2b8d9fc16191b87454df

https://git.kernel.org/stable/c/8a3637027ceeba4ca5e500b23cb7d24c25592513

https://git.kernel.org/stable/c/3eab654f5d199ecd45403c6588cda63e491fcfca

https://git.kernel.org/stable/c/4a3c18cde02e35aba87e0ad5672b3e1c72dda5a4

https://git.kernel.org/stable/c/70f2b28b5243df557f51c054c20058ae207baaac

https://git.kernel.org/stable/c/73f34d609397805c20d6b2ef5c07a4cbf7c4d63a

https://git.kernel.org/stable/c/a15e9c175f783298c4ee48146be6841335400406

https://git.kernel.org/stable/c/de8da1063cce9234d55c8270d9bdf4cf84411c80

https://nvd.nist.gov/vuln/detail/CVE-2025-38482

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2025-38482

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2025-38482

EUVD