CVE-2025-38482
BaseFortify
Publication date: 2025-07-28
Last updated on: 2025-11-03
Assigner: kernel.org
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| linux | kernel | * |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-UNKNOWN | |
AI Powered Q&A
How can this vulnerability impact me?
The vulnerability could lead to unexpected behavior or crashes in the Linux kernel, because unvalidated user input is used as the amount of a bit shift. This could be exploited to cause denial of service or other unintended effects on systems using the affected driver.
Can you explain this vulnerability to me?
This vulnerability is in the Linux kernel's comedi das6402 driver. It involves an unchecked bit shift operation in which a value from userspace (it->options[1]) is used as the shift amount without validation. Because this value can be negative or otherwise out of range, the shift can go out of bounds. The fix requires validating that it->options[1] is within the range [1,15] before performing the bit shift, ensuring only valid IRQ numbers are used.
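The range check described above, shown beside the unchecked form, as an added example that is not the driver's own code. The struct, the IRQ mask, the function names and the use of 0 for a rejected option are all assumptions made for illustration.

```c
#include <stdio.h>

/* Hypothetical stand-in for the config structure filled in from userspace. */
struct example_devconfig { int options[4]; };

/* Constructed mask: bit n set means IRQ n is usable (3, 5, 7, 10, 15). */
#define EXAMPLE_IRQ_MASK \
    ((1u << 3) | (1u << 5) | (1u << 7) | (1u << 10) | (1u << 15))

/* Unchecked form: options[1] is used directly as the shift count.
 * A negative count, or one >= the width of the shifted type, is undefined
 * behaviour in C. Only safe to call with an in-range value. */
int pick_irq_unchecked(const struct example_devconfig *it)
{
    if ((1u << it->options[1]) & EXAMPLE_IRQ_MASK)
        return it->options[1];
    return 0;
}

/* Checked form: reject anything outside [1,15] before shifting. */
int pick_irq_checked(const struct example_devconfig *it)
{
    int irq = it->options[1];

    if (irq < 1 || irq > 15)
        return 0;   /* assumption: 0 means "no IRQ selected" */
    if ((1u << irq) & EXAMPLE_IRQ_MASK)
        return irq;
    return 0;
}

/* Helper: build a config with the given options[1] and run the checked path. */
int irq_for_option(int value)
{
    struct example_devconfig it = { { 0, value, 0, 0 } };
    return pick_irq_checked(&it);
}

int main(void)
{
    /* Constructed sample inputs, including out-of-range values. */
    int samples[] = { -1, 0, 4, 5, 15, 16, 32, 1000 };
    size_t i;

    for (i = 0; i < sizeof(samples) / sizeof(samples[0]); i++)
        printf("options[1]=%d -> irq %d\n", samples[i], irq_for_option(samples[i]));
    return 0;
}
```

Building the unchecked form with `-fsanitize=shift` and passing it the same out-of-range samples is a quick way to see the class of report the fix removes.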
What immediate steps should I take to mitigate this vulnerability?
To mitigate this vulnerability, update the Linux kernel to a version where the comedi das6402 driver has been fixed to properly check the IRQ number bounds before performing bit shifts. Specifically, ensure that the kernel includes the patch that validates it->options[1] is within the range [1,15] before using it. Avoid using untrusted userspace input for IRQ options until the fix is applied.