CVE-2025-38530

EUVD-2025-26111

16.08.2025, 12:15

In the Linux kernel, the following vulnerability has been resolved:

comedi: pcl812: Fix bit shift out of bounds

When checking for a supported IRQ number, the following test is used:

	if ((1 << it->options[1]) & board->irq_bits) {

However, `it->options[i]` is an unchecked `int` value from userspace, so
the shift amount could be negative or out of bounds.  Fix the test by
requiring `it->options[1]` to be within bounds before proceeding with
the original test.  Valid `it->options[1]` values that select the IRQ
will be in the range [1,15]. The value 0 explicitly disables the use of
interrupts.

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	Primary	7.1 HIGH	LOCAL	LOW	LOW	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H

Base Score

CVSS 3.x

EPSS Score

Percentile: 7%

Affected Products (NVD)

Vendor	Product	Version
linux	linux_kernel	2.6.30 ≤ 𝑥 < 5.4.297
linux	linux_kernel	5.5 ≤ 𝑥 < 5.10.241
linux	linux_kernel	5.11 ≤ 𝑥 < 5.15.190
linux	linux_kernel	5.16 ≤ 𝑥 < 6.1.147
linux	linux_kernel	6.2 ≤ 𝑥 < 6.6.100
linux	linux_kernel	6.7 ≤ 𝑥 < 6.12.40
linux	linux_kernel	6.13 ≤ 𝑥 < 6.15.8
linux	linux_kernel	6.16:rc1
linux	linux_kernel	6.16:rc2
linux	linux_kernel	6.16:rc3
linux	linux_kernel	6.16:rc4
linux	linux_kernel	6.16:rc5
linux	linux_kernel	6.16:rc6
debian	debian_linux	11.0

𝑥

= Vulnerable software versions

Debian Releases

Debian Product

Codename

linux

bookworm	6.1.170-3 fixed
bookworm (security)	6.1.172-1 fixed
bullseye	vulnerable
bullseye (security)	5.10.251-5 fixed
forky	7.0.7-1 fixed
sid	7.0.7-1 fixed
trixie	6.12.86-1 fixed
trixie (security)	6.12.88-1 fixed

linux-6.1

bullseye (security)

6.1.172-1~deb11u1

fixed

openSUSE / SLES Releases

openSUSE Product

Release

kernel-64kb

suse enterprise desktop 15 SP6	6.4.0-150600.23.70.1 fixed
suse enterprise desktop 15 SP7	6.4.0-150700.53.16.1 fixed
suse enterprise sap 15 SP6	6.4.0-150600.23.70.1 fixed
suse enterprise sap 15 SP7	6.4.0-150700.53.16.1 fixed
suse enterprise server 15 SP6	6.4.0-150600.23.70.1 fixed
suse enterprise server 15 SP7	6.4.0-150700.53.16.1 fixed

kernel-azure

suse enterprise sap 15 SP6	6.4.0-150600.8.52.1 fixed
suse enterprise sap 15 SP7	6.4.0-150700.20.15.2 fixed
suse enterprise server 15 SP6	6.4.0-150600.8.52.1 fixed
suse enterprise server 15 SP7	6.4.0-150700.20.15.2 fixed

kernel-default

suse enterprise desktop 15 SP6	6.4.0-150600.23.70.1 fixed
suse enterprise desktop 15 SP7	6.4.0-150700.53.16.1 fixed
suse enterprise sap 15 SP6	6.4.0-150600.23.70.1 fixed
suse enterprise sap 15 SP7	6.4.0-150700.53.16.1 fixed
suse enterprise server 15 SP6	6.4.0-150600.23.70.1 fixed
suse enterprise server 15 SP7	6.4.0-150700.53.16.1 fixed

kernel-default-base

suse enterprise desktop 15 SP6	6.4.0-150600.23.70.1.150600.12.30.2 fixed
suse enterprise desktop 15 SP7	6.4.0-150700.53.16.1.150700.17.11.2 fixed
suse enterprise sap 15 SP6	6.4.0-150600.23.70.1.150600.12.30.2 fixed
suse enterprise sap 15 SP7	6.4.0-150700.53.16.1.150700.17.11.2 fixed
suse enterprise server 15 SP6	6.4.0-150600.23.70.1.150600.12.30.2 fixed
suse enterprise server 15 SP7	6.4.0-150700.53.16.1.150700.17.11.2 fixed

kernel-default-extra

suse enterprise desktop 15 SP6	6.4.0-150600.23.70.1 fixed
suse enterprise desktop 15 SP7	6.4.0-150700.53.16.1 fixed
suse enterprise sap 15 SP6	6.4.0-150600.23.70.1 fixed
suse enterprise sap 15 SP7	6.4.0-150700.53.16.1 fixed
suse enterprise server 15 SP6	6.4.0-150600.23.70.1 fixed
suse enterprise server 15 SP7	6.4.0-150700.53.16.1 fixed
suse enterprise workstation 15 SP6	6.4.0-150600.23.70.1 fixed
suse enterprise workstation 15 SP7	6.4.0-150700.53.16.1 fixed

kernel-docs

suse enterprise desktop 15 SP6	6.4.0-150600.23.70.1 fixed
suse enterprise desktop 15 SP7	6.4.0-150700.53.16.1 fixed
suse enterprise sap 15 SP6	6.4.0-150600.23.70.1 fixed
suse enterprise sap 15 SP7	6.4.0-150700.53.16.1 fixed
suse enterprise server 15 SP6	6.4.0-150600.23.70.1 fixed
suse enterprise server 15 SP7	6.4.0-150700.53.16.1 fixed

kernel-macros

suse enterprise desktop 15 SP6	6.4.0-150600.23.70.1 fixed
suse enterprise desktop 15 SP7	6.4.0-150700.53.16.1 fixed
suse enterprise sap 15 SP6	6.4.0-150600.23.70.1 fixed
suse enterprise sap 15 SP7	6.4.0-150700.53.16.1 fixed
suse enterprise server 15 SP6	6.4.0-150600.23.70.1 fixed
suse enterprise server 15 SP7	6.4.0-150700.53.16.1 fixed

kernel-obs-build

suse enterprise desktop 15 SP6	6.4.0-150600.23.70.1 fixed
suse enterprise desktop 15 SP7	6.4.0-150700.53.16.1 fixed
suse enterprise sap 15 SP6	6.4.0-150600.23.70.1 fixed
suse enterprise sap 15 SP7	6.4.0-150700.53.16.1 fixed
suse enterprise server 15 SP6	6.4.0-150600.23.70.1 fixed
suse enterprise server 15 SP7	6.4.0-150700.53.16.1 fixed

kernel-source

suse enterprise desktop 15 SP6	6.4.0-150600.23.70.1 fixed
suse enterprise desktop 15 SP7	6.4.0-150700.53.16.1 fixed
suse enterprise sap 15 SP6	6.4.0-150600.23.70.1 fixed
suse enterprise sap 15 SP7	6.4.0-150700.53.16.1 fixed
suse enterprise server 15 SP6	6.4.0-150600.23.70.1 fixed
suse enterprise server 15 SP7	6.4.0-150700.53.16.1 fixed

kernel-source-azure

suse enterprise sap 15 SP6	6.4.0-150600.8.52.1 fixed
suse enterprise sap 15 SP7	6.4.0-150700.20.15.2 fixed
suse enterprise server 15 SP6	6.4.0-150600.8.52.1 fixed
suse enterprise server 15 SP7	6.4.0-150700.20.15.2 fixed

kernel-syms

suse enterprise desktop 15 SP6	6.4.0-150600.23.70.1 fixed
suse enterprise desktop 15 SP7	6.4.0-150700.53.16.1 fixed
suse enterprise sap 15 SP6	6.4.0-150600.23.70.1 fixed
suse enterprise sap 15 SP7	6.4.0-150700.53.16.1 fixed
suse enterprise server 15 SP6	6.4.0-150600.23.70.1 fixed
suse enterprise server 15 SP7	6.4.0-150700.53.16.1 fixed

kernel-syms-azure

suse enterprise sap 15 SP6	6.4.0-150600.8.52.1 fixed
suse enterprise sap 15 SP7	6.4.0-150700.20.15.1 fixed
suse enterprise server 15 SP6	6.4.0-150600.8.52.1 fixed
suse enterprise server 15 SP7	6.4.0-150700.20.15.1 fixed

kernel-zfcpdump

suse enterprise desktop 15 SP6	6.4.0-150600.23.70.1 fixed
suse enterprise desktop 15 SP7	6.4.0-150700.53.16.1 fixed
suse enterprise sap 15 SP6	6.4.0-150600.23.70.1 fixed
suse enterprise sap 15 SP7	6.4.0-150700.53.16.1 fixed
suse enterprise server 15 SP6	6.4.0-150600.23.70.1 fixed
suse enterprise server 15 SP7	6.4.0-150700.53.16.1 fixed

reiserfs-kmp-default

suse enterprise sap 15 SP7	6.4.0-150700.53.16.1 fixed
suse enterprise server 15 SP7	6.4.0-150700.53.16.1 fixed

Common Weakness Enumeration

CWE-125 - Out-of-bounds Read
The software reads data past the end, or before the beginning, of the intended buffer.

References

https://git.kernel.org/stable/c/0489c30d080f07cc7f09d04de723d8c2ccdb61ef

https://git.kernel.org/stable/c/16c173abee315953fd17a279352fec4a1faee862

https://git.kernel.org/stable/c/29ef03e5b84431171d6b77b822985b54bc44b793

https://git.kernel.org/stable/c/374d9b3eb4b08407997ef1fce96119d31e0c0bc4

https://git.kernel.org/stable/c/5bfa301e1e59a9b1a7b62a800b54852337c97416

https://git.kernel.org/stable/c/7e470d8efd10725b189ca8951973a8425932398a

https://git.kernel.org/stable/c/a27e27eee313fe1c450b6af1e80e64412546cab4

https://git.kernel.org/stable/c/b14b076ce593f72585412fc7fd3747e03a5e3632

https://lists.debian.org/debian-lts-announce/2025/10/msg00007.html

https://lists.debian.org/debian-lts-announce/2025/10/msg00008.html