-

CVE-2025-38529

EPSS 0.06%
Veröffentlicht 16.08.2025 11:12:22
Zuletzt bearbeitet 03.11.2025 18:16:27
Quelle 416baaa9-dc9f-4396-8d5f-8c081f
CVE-Watchlists
Login
Unerledigt
Login

In the Linux kernel, the following vulnerability has been resolved:

comedi: aio_iiro_16: Fix bit shift out of bounds

When checking for a supported IRQ number, the following test is used:

	if ((1 << it->options[1]) & 0xdcfc) {

However, `it->options[i]` is an unchecked `int` value from userspace, so
the shift amount could be negative or out of bounds.  Fix the test by
requiring `it->options[1]` to be within bounds before proceeding with
the original test.  Valid `it->options[1]` values that select the IRQ
will be in the range [1,15]. The value 0 explicitly disables the use of
interrupts.

Betroffene Produkte Warnungen 0 Metriken 1 CWE 0 Referenzen 13

Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD

Diese Information steht angemeldeten Benutzern zur Verfügung.

Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).

HerstellerLinux

≫

Produkt Linux

Default Statusunaffected

Version < a88692245c315bf8e225f205297a6f4b13d6856a

Version ad7a370c8be47247f68f7187cc82f4f25a347116

Status affected

Version < 5ac7c60439236fb691b8c7987390e2327bbf18fa

Version ad7a370c8be47247f68f7187cc82f4f25a347116

Status affected

Version < c593215385f0c0163015cca4512ed3ff42875d19

Version ad7a370c8be47247f68f7187cc82f4f25a347116

Status affected

Version < ff30dd3f15f443d2a0085b12ec2cc95d44f35fa7

Version ad7a370c8be47247f68f7187cc82f4f25a347116

Status affected

Version < 955e8835855fed8e87f7d8c8075564a1746c1b4c

Version ad7a370c8be47247f68f7187cc82f4f25a347116

Status affected

Version < e0f3c0867d7d231c70984f05c97752caacd0daba

Version ad7a370c8be47247f68f7187cc82f4f25a347116

Status affected

Version < 43ddd82e6a91913cea1c078e782afd8de60c3a53

Version ad7a370c8be47247f68f7187cc82f4f25a347116

Status affected

Version < 66acb1586737a22dd7b78abc63213b1bcaa100e4

Version ad7a370c8be47247f68f7187cc82f4f25a347116

Status affected

HerstellerLinux

≫

Produkt Linux

Default Statusaffected

Version 4.0

Status affected

Version < 4.0

Version 0

Status unaffected

Version <= 5.4.*

Version 5.4.297

Status unaffected

Version <= 5.10.*

Version 5.10.241

Status unaffected

Version <= 5.15.*

Version 5.15.190

Status unaffected

Version <= 6.1.*

Version 6.1.147

Status unaffected

Version <= 6.6.*

Version 6.6.100

Status unaffected

Version <= 6.12.*

Version 6.12.40

Status unaffected

Version <= 6.15.*

Version 6.15.8

Status unaffected

Version <= *

Version 6.16

Status unaffected

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.06%	0.199

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String

https://git.kernel.org/stable/c/ff30dd3f15f443d2a0085b12ec2cc95d44f35fa7

https://git.kernel.org/stable/c/955e8835855fed8e87f7d8c8075564a1746c1b4c

https://git.kernel.org/stable/c/e0f3c0867d7d231c70984f05c97752caacd0daba

https://git.kernel.org/stable/c/43ddd82e6a91913cea1c078e782afd8de60c3a53

https://git.kernel.org/stable/c/66acb1586737a22dd7b78abc63213b1bcaa100e4

https://git.kernel.org/stable/c/5ac7c60439236fb691b8c7987390e2327bbf18fa

https://git.kernel.org/stable/c/a88692245c315bf8e225f205297a6f4b13d6856a

https://git.kernel.org/stable/c/c593215385f0c0163015cca4512ed3ff42875d19

https://lists.debian.org/debian-lts-announce/2025/10/msg00007.html

https://lists.debian.org/debian-lts-announce/2025/10/msg00008.html

https://nvd.nist.gov/vuln/detail/CVE-2025-38529

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2025-38529

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2025-38529

EUVD