Acknowledged
Created: Sep 7, 2025
Updated: Sep 8, 2025
Found In Version: 10.24.33.1
Severity: Standard
Applicable for: Wind River Linux LTS 24
Component/s: Kernel
In the Linux kernel, the following vulnerability has been resolved:EOL][EOL]comedi: pcl726: Prevent invalid irq number[EOL][EOL]The reproducer passed in an irq number(0x80008000) that was too large,[EOL]which triggered the oob.[EOL][EOL]Added an interrupt number check to prevent users from passing in an irq[EOL]number that was too large.[EOL][EOL]If `it->options[1]` is 31, then `1 << it->options[1]` is still invalid[EOL]because it shifts a 1-bit into the sign bit (which is UB in C).[EOL]Possible solutions include reducing the upper bound on the[EOL]`it->options[1]` value to 30 or lower, or using `1U << it->options[1]`.[EOL][EOL]The old code would just not attempt to request the IRQ if the[EOL]`options[1]` value were invalid. And it would still configure the[EOL]device without interrupts even if the call to `request_irq` returned an[EOL]error. So it would be better to combine this test with the test below.
CREATE(Triage):(User=admin) [CVE-2025-39685 (https://nvd.nist.gov/vuln/detail/CVE-2025-39685)
