Description
In the Linux kernel, the following vulnerability has been resolved: comedi: aio_iiro_16: Fix bit shift out of bounds When checking for a supported IRQ number, the following test is used: if ((1 << it->options[1]) & 0xdcfc) { However, `it->options[i]` is an unchecked `int` value from userspace, so the shift amount could be negative or out of bounds. Fix the test by requiring `it->options[1]` to be within bounds before proceeding with the original test. Valid `it->options[1]` values that select the IRQ will be in the range [1,15]. The value 0 explicitly disables the use of interrupts.
Product status
ad7a370c8be47247f68f7187cc82f4f25a347116 before a88692245c315bf8e225f205297a6f4b13d6856a
ad7a370c8be47247f68f7187cc82f4f25a347116 before 5ac7c60439236fb691b8c7987390e2327bbf18fa
ad7a370c8be47247f68f7187cc82f4f25a347116 before c593215385f0c0163015cca4512ed3ff42875d19
ad7a370c8be47247f68f7187cc82f4f25a347116 before ff30dd3f15f443d2a0085b12ec2cc95d44f35fa7
ad7a370c8be47247f68f7187cc82f4f25a347116 before 955e8835855fed8e87f7d8c8075564a1746c1b4c
ad7a370c8be47247f68f7187cc82f4f25a347116 before e0f3c0867d7d231c70984f05c97752caacd0daba
ad7a370c8be47247f68f7187cc82f4f25a347116 before 43ddd82e6a91913cea1c078e782afd8de60c3a53
ad7a370c8be47247f68f7187cc82f4f25a347116 before 66acb1586737a22dd7b78abc63213b1bcaa100e4
4.0
Any version before 4.0
5.4.297
5.10.241
5.15.190
6.1.147
6.6.100
6.12.40
6.15.8
6.16
References
git.kernel.org/...c/a88692245c315bf8e225f205297a6f4b13d6856a
git.kernel.org/...c/5ac7c60439236fb691b8c7987390e2327bbf18fa
git.kernel.org/...c/c593215385f0c0163015cca4512ed3ff42875d19
git.kernel.org/...c/ff30dd3f15f443d2a0085b12ec2cc95d44f35fa7
git.kernel.org/...c/955e8835855fed8e87f7d8c8075564a1746c1b4c
git.kernel.org/...c/e0f3c0867d7d231c70984f05c97752caacd0daba
git.kernel.org/...c/43ddd82e6a91913cea1c078e782afd8de60c3a53
git.kernel.org/...c/66acb1586737a22dd7b78abc63213b1bcaa100e4
