U.S. flag   An official website of the United States government
Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Https

Secure .gov websites use HTTPS
A lock (Dot gov) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.

National Vulnerability Database

National Vulnerability Database

NVD

National Vulnerability Database
  1. Vulnerabilities

CVE-2025-38529 Detail

Description

In the Linux kernel, the following vulnerability has been resolved: comedi: aio_iiro_16: Fix bit shift out of bounds When checking for a supported IRQ number, the following test is used: if ((1 << it->options[1]) & 0xdcfc) { However, `it->options[i]` is an unchecked `int` value from userspace, so the shift amount could be negative or out of bounds. Fix the test by requiring `it->options[1]` to be within bounds before proceeding with the original test. Valid `it->options[1]` values that select the IRQ will be in the range [1,15]. The value 0 explicitly disables the use of interrupts.


Metrics

NVD enrichment efforts reference publicly available information to associate vector strings. CVSS information contributed by other sources is also displayed.
CVSS 4.0 Severity and Vector Strings:

NIST CVSS score
NIST: NVD
N/A
NVD assessment not yet provided.

References to Advisories, Solutions, and Tools

By selecting these links, you will be leaving NIST webspace. We have provided these links to other web sites because they may have information that would be of interest to you. No inferences should be drawn on account of other sites being referenced, or not, from this page. There may be other web sites that are more appropriate for your purpose. NIST does not necessarily endorse the views expressed, or concur with the facts presented on these sites. Further, NIST does not endorse any commercial products that may be mentioned on these sites. Please address comments about this page to [email protected].

URL Source(s) Tag(s)
https://git.kernel.org/stable/c/43ddd82e6a91913cea1c078e782afd8de60c3a53 kernel.org
https://git.kernel.org/stable/c/5ac7c60439236fb691b8c7987390e2327bbf18fa kernel.org
https://git.kernel.org/stable/c/66acb1586737a22dd7b78abc63213b1bcaa100e4 kernel.org
https://git.kernel.org/stable/c/955e8835855fed8e87f7d8c8075564a1746c1b4c kernel.org
https://git.kernel.org/stable/c/a88692245c315bf8e225f205297a6f4b13d6856a kernel.org
https://git.kernel.org/stable/c/c593215385f0c0163015cca4512ed3ff42875d19 kernel.org
https://git.kernel.org/stable/c/e0f3c0867d7d231c70984f05c97752caacd0daba kernel.org
https://git.kernel.org/stable/c/ff30dd3f15f443d2a0085b12ec2cc95d44f35fa7 kernel.org

Weakness Enumeration

CWE-ID CWE Name Source

Change History

2 change records found show changes

Quick Info

CVE Dictionary Entry:
CVE-2025-38529
NVD Published Date:
08/16/2025
NVD Last Modified:
08/28/2025
Source:
kernel.org