AZL-66935

See a problem?

Import Source

https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-66935.json

JSON Data

https://api.test.osv.dev/v1/vulns/AZL-66935

Upstream

CVE-2025-39685

Published

2025-09-05T18:15:45Z

Modified

2026-04-01T05:21:05.017330Z

Summary

CVE-2025-39685 affecting package kernel for versions less than 6.6.104.2-1

Details

In the Linux kernel, the following vulnerability has been resolved:

comedi: pcl726: Prevent invalid irq number

The reproducer passed in an irq number(0x80008000) that was too large, which triggered the oob.

Added an interrupt number check to prevent users from passing in an irq number that was too large.

If it->options[1] is 31, then 1 << it->options[1] is still invalid because it shifts a 1-bit into the sign bit (which is UB in C). Possible solutions include reducing the upper bound on the it->options[1] value to 30 or lower, or using 1U << it->options[1].

The old code would just not attempt to request the IRQ if the options[1] value were invalid. And it would still configure the device without interrupts even if the call to request_irq returned an error. So it would be better to combine this test with the test below.

References

https://nvd.nist.gov/vuln/detail/CVE-2025-39685

Affected packages

Azure Linux:3 / kernel

Package

Name: kernel
Purl: pkg:rpm/azure-linux/kernel

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

6.6.104.2-1

Database specific

source

"https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-66935.json"