Description
In the Linux kernel, the following vulnerability has been resolved: comedi: das16m1: Fix bit shift out of bounds When checking for a supported IRQ number, the following test is used: /* only irqs 2, 3, 4, 5, 6, 7, 10, 11, 12, 14, and 15 are valid */ if ((1 << it->options[1]) & 0xdcfc) { However, `it->options[i]` is an unchecked `int` value from userspace, so the shift amount could be negative or out of bounds. Fix the test by requiring `it->options[1]` to be within bounds before proceeding with the original test.
References (10)
Core 10
Core References
Third Party Advisory
https://lists.debian.org/debian-lts-announce/2025/10/msg00007.html
Third Party Advisory
https://lists.debian.org/debian-lts-announce/2025/10/msg00008.html
Scores
CVSS v3
7.1
EPSS
0.0002
EPSS Percentile
6.3%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
Details
CWE
CWE-125
Status
published
Products (10)
debian/debian_linux
11.0
linux/Kernel
3.14.0 - 5.4.297linux
linux/Kernel
5.11.0 - 5.15.190linux
linux/Kernel
5.16.0 - 6.1.147linux
linux/Kernel
5.5.0 - 5.10.241linux
linux/Kernel
6.13.0 - 6.15.8linux
linux/Kernel
6.2.0 - 6.6.100linux
linux/Kernel
6.7.0 - 6.12.40linux
linux/linux_kernel
6.16 rc1 (6 CPE variants)
linux/linux_kernel
3.14 - 5.4.297
Published
Jul 28, 2025
Tracked Since
Feb 18, 2026