Description
In the Linux kernel, the following vulnerability has been resolved: comedi: aio_iiro_16: Fix bit shift out of bounds When checking for a supported IRQ number, the following test is used: if ((1 << it->options[1]) & 0xdcfc) { However, `it->options[i]` is an unchecked `int` value from userspace, so the shift amount could be negative or out of bounds. Fix the test by requiring `it->options[1]` to be within bounds before proceeding with the original test. Valid `it->options[1]` values that select the IRQ will be in the range [1,15]. The value 0 explicitly disables the use of interrupts.
References (10)
Core 10
Core References
Third Party Advisory, Mailing List
https://lists.debian.org/debian-lts-announce/2025/10/msg00007.html
Third Party Advisory, Mailing List
https://lists.debian.org/debian-lts-announce/2025/10/msg00008.html
Scores
CVSS v3
7.1
EPSS
0.0002
EPSS Percentile
5.7%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
Details
CWE
CWE-125
Status
published
Products (10)
debian/debian_linux
11.0
linux/Kernel
4.0.0 - 5.4.297linux
linux/Kernel
5.11.0 - 5.15.190linux
linux/Kernel
5.16.0 - 6.1.147linux
linux/Kernel
5.5.0 - 5.10.241linux
linux/Kernel
6.13.0 - 6.15.8linux
linux/Kernel
6.2.0 - 6.6.100linux
linux/Kernel
6.7.0 - 6.12.40linux
linux/linux_kernel
6.16 rc1 (6 CPE variants)
linux/linux_kernel
4.0 - 5.4.297
Published
Aug 16, 2025
Tracked Since
Feb 18, 2026