CVE-2025-38530
BaseFortify
Publication date: 2025-08-16
Last updated on: 2025-11-03
Assigner: kernel.org
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| linux | linux_kernel | 5.10.244 |
| linux | linux_kernel | 6.1.153 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-UNKNOWN |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is in the Linux kernel's comedi pcl812 driver. It involves an unchecked integer value from userspace used as a bit shift amount when checking for a supported IRQ number. Because the value is unchecked, it can be negative or out of bounds, leading to a bit shift out of bounds error. The fix requires validating that the value is within the range [1,15] before performing the bit shift operation.
How can this vulnerability impact me? :
The vulnerability could allow improper handling of IRQ numbers due to out-of-bounds bit shifts, potentially leading to kernel instability or crashes. This could affect system reliability or security if exploited.
What immediate steps should I take to mitigate this vulnerability?
To mitigate this vulnerability, update the Linux kernel to a version where the pcl812 driver has been fixed to properly validate the it->options[1] value before using it in bit shift operations. This prevents out-of-bounds or negative shift amounts. Until the update is applied, avoid using untrusted userspace inputs for the pcl812 device options, especially the IRQ number settings.