CVE-2025-38482

Name: CVE-2025-38482

Description: In the Linux kernel, the following vulnerability has been resolved:

comedi: das6402: Fix bit shift out of bounds

When checking for a supported IRQ number, the following test is used:

	/* IRQs 2,3,5,6,7, 10,11,15 are valid for "enhanced" mode */
	if ((1 << it->options[1]) & 0x8cec) {

However, `it->options[i]` is an unchecked `int` value from userspace, so the shift amount could be negative or out of bounds. Fix the test by requiring `it->options[1]` to be within bounds before proceeding with the original test. Valid `it->options[1]` values that select the IRQ will be in the range [1,15]. The value 0 explicitly disables the use of interrupts.

Source: CVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)

References: DSA-5973-1, DSA-5975-1
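
The bounds-then-mask pattern the description calls for, as an added userspace illustration (not the kernel's code). The function names and the sample values are assumptions made for this example; only the mask 0x8cec and the range [1,15] come from the description.

```c
#include <limits.h>
#include <stdio.h>

#define DAS6402_IRQ_MASK 0x8cecu  /* bits 2,3,5,6,7,10,11,15 (mask from the page) */

/* Shape of the original test: the shift count is whatever the caller passed.
 * Shifting by a negative count or by >= the width of the type is undefined
 * behaviour in C, so this may only be reached with an in-range value. */
static int irq_test_unchecked(int irq)
{
	return ((1u << irq) & DAS6402_IRQ_MASK) != 0;
}

/* Bounds-checked form: reject anything outside [1,15] before shifting.
 * 0 means "interrupts disabled", so it never selects an IRQ. */
static int irq_is_valid(int irq)
{
	if (irq < 1 || irq > 15)
		return 0;
	return irq_test_unchecked(irq);
}

/* Count accepted values across a range that includes hostile inputs. */
static int count_accepted(int lo, int hi)
{
	int n = 0;
	for (int v = lo; v <= hi; v++)
		n += irq_is_valid(v);
	return n;
}

int main(void)
{
	/* Constructed sample inputs, including out-of-range values. */
	const int samples[] = { INT_MIN, -1, 0, 2, 4, 15, 16, 32, INT_MAX };
	for (size_t i = 0; i < sizeof(samples) / sizeof(samples[0]); i++)
		printf("options[1]=%d -> %s\n", samples[i],
		       irq_is_valid(samples[i]) ? "IRQ accepted" : "no IRQ");
	printf("accepted in [-64,64]: %d\n", count_accepted(-64, 64));
	return 0;
}
```

Building the unchecked form with `-fsanitize=shift` and feeding it a value outside [0,31] reproduces the class of report the fix addresses.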

Vulnerable and fixed packages

The table below lists information on source packages.

| Source Package | Release | Version | Status |
|---|---|---|---|
| linux (PTS) | bullseye | 5.10.223-1 | vulnerable |
| | bullseye (security) | 5.10.237-1 | vulnerable |
| | bookworm | 6.1.148-1 | fixed |
| | bookworm (security) | 6.1.147-1 | fixed |
| | trixie | 6.12.43-1 | fixed |
| | trixie (security) | 6.12.41-1 | fixed |
| | forky | 6.16.3-1 | fixed |
| | sid | 6.16.6-1 | fixed |

The information below is based on the following data on fixed versions.

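| Package | Type | Release | Fixed Version | Urgency | Origin | Debian Bugs |
|---|---|---|---|---|---|---|
| linux | source | bookworm | 6.1.147-1 | | DSA-5973-1 | |
| linux | source | trixie | 6.12.41-1 | | DSA-5975-1 | |
| linux | source | (unstable) | 6.16.3-1 | | | |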

Notes

https://git.kernel.org/linus/70f2b28b5243df557f51c054c20058ae207baaac (6.16-rc7)
