{"dataType":"CVE_RECORD","dataVersion":"5.2","cveMetadata":{"cveId":"CVE-2025-38529","assignerOrgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","state":"PUBLISHED","assignerShortName":"Linux","dateReserved":"2025-04-16T04:51:24.023Z","datePublished":"2025-08-16T11:12:22.447Z","dateUpdated":"2026-05-11T21:29:47.289Z"},"containers":{"cna":{"providerMetadata":{"orgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","shortName":"Linux","dateUpdated":"2026-05-11T21:29:47.289Z"},"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\ncomedi: aio_iiro_16: Fix bit shift out of bounds\n\nWhen checking for a supported IRQ number, the following test is used:\n\n\tif ((1 << it->options[1]) & 0xdcfc) {\n\nHowever, `it->options[i]` is an unchecked `int` value from userspace, so\nthe shift amount could be negative or out of bounds.  Fix the test by\nrequiring `it->options[1]` to be within bounds before proceeding with\nthe original test.  Valid `it->options[1]` values that select the IRQ\nwill be in the range [1,15]. The value 0 explicitly disables the use of\ninterrupts."}],"affected":[{"product":"Linux","vendor":"Linux","defaultStatus":"unaffected","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","programFiles":["drivers/comedi/drivers/aio_iiro_16.c"],"versions":[{"version":"ad7a370c8be47247f68f7187cc82f4f25a347116","lessThan":"a88692245c315bf8e225f205297a6f4b13d6856a","status":"affected","versionType":"git"},{"version":"ad7a370c8be47247f68f7187cc82f4f25a347116","lessThan":"5ac7c60439236fb691b8c7987390e2327bbf18fa","status":"affected","versionType":"git"},{"version":"ad7a370c8be47247f68f7187cc82f4f25a347116","lessThan":"c593215385f0c0163015cca4512ed3ff42875d19","status":"affected","versionType":"git"},{"version":"ad7a370c8be47247f68f7187cc82f4f25a347116","lessThan":"ff30dd3f15f443d2a0085b12ec2cc95d44f35fa7","status":"affected","versionType":"git"},{"version":"ad7a370c8be47247f68f7187cc82f4f25a347116","lessThan":"955e8835855fed8e87f7d8c8075564a1746c1b4c","status":"affected","versionType":"git"},{"version":"ad7a370c8be47247f68f7187cc82f4f25a347116","lessThan":"e0f3c0867d7d231c70984f05c97752caacd0daba","status":"affected","versionType":"git"},{"version":"ad7a370c8be47247f68f7187cc82f4f25a347116","lessThan":"43ddd82e6a91913cea1c078e782afd8de60c3a53","status":"affected","versionType":"git"},{"version":"ad7a370c8be47247f68f7187cc82f4f25a347116","lessThan":"66acb1586737a22dd7b78abc63213b1bcaa100e4","status":"affected","versionType":"git"}]},{"product":"Linux","vendor":"Linux","defaultStatus":"affected","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","programFiles":["drivers/comedi/drivers/aio_iiro_16.c"],"versions":[{"version":"4.0","status":"affected"},{"version":"0","lessThan":"4.0","status":"unaffected","versionType":"semver"},{"version":"5.4.297","lessThanOrEqual":"5.4.*","status":"unaffected","versionType":"semver"},{"version":"5.10.241","lessThanOrEqual":"5.10.*","status":"unaffected","versionType":"semver"},{"version":"5.15.190","lessThanOrEqual":"5.15.*","status":"unaffected","versionType":"semver"},{"version":"6.1.147","lessThanOrEqual":"6.1.*","status":"unaffected","versionType":"semver"},{"version":"6.6.100","lessThanOrEqual":"6.6.*","status":"unaffected","versionType":"semver"},{"version":"6.12.40","lessThanOrEqual":"6.12.*","status":"unaffected","versionType":"semver"},{"version":"6.15.8","lessThanOrEqual":"6.15.*","status":"unaffected","versionType":"semver"},{"version":"6.16","lessThanOrEqual":"*","status":"unaffected","versionType":"original_commit_for_fix"}]}],"cpeApplicability":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.0","versionEndExcluding":"5.4.297"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.0","versionEndExcluding":"5.10.241"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.0","versionEndExcluding":"5.15.190"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.0","versionEndExcluding":"6.1.147"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.0","versionEndExcluding":"6.6.100"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.0","versionEndExcluding":"6.12.40"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.0","versionEndExcluding":"6.15.8"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.0","versionEndExcluding":"6.16"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/a88692245c315bf8e225f205297a6f4b13d6856a"},{"url":"https://git.kernel.org/stable/c/5ac7c60439236fb691b8c7987390e2327bbf18fa"},{"url":"https://git.kernel.org/stable/c/c593215385f0c0163015cca4512ed3ff42875d19"},{"url":"https://git.kernel.org/stable/c/ff30dd3f15f443d2a0085b12ec2cc95d44f35fa7"},{"url":"https://git.kernel.org/stable/c/955e8835855fed8e87f7d8c8075564a1746c1b4c"},{"url":"https://git.kernel.org/stable/c/e0f3c0867d7d231c70984f05c97752caacd0daba"},{"url":"https://git.kernel.org/stable/c/43ddd82e6a91913cea1c078e782afd8de60c3a53"},{"url":"https://git.kernel.org/stable/c/66acb1586737a22dd7b78abc63213b1bcaa100e4"}],"title":"comedi: aio_iiro_16: Fix bit shift out of bounds","x_generator":{"engine":"bippy-1.2.0"}},"adp":[{"title":"CVE Program Container","references":[{"url":"https://lists.debian.org/debian-lts-announce/2025/10/msg00008.html"},{"url":"https://lists.debian.org/debian-lts-announce/2025/10/msg00007.html"}],"providerMetadata":{"orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE","dateUpdated":"2025-11-03T17:39:26.794Z"}}]}}