Linux kernel
cpe:2.3:a:linux:linux_kernel:*:*:*:*:*:*:*
- >= 5.13, < 5.13.1
A vulnerability in the Linux kernel's Comedi driver for the AIO IIRO 16 interface has been addressed. The driver used an unchecked integer value from userspace as a shift count when verifying supported IRQ numbers, so the bit shift could be out of bounds. This flaw allowed for potential manipulation of interrupt handling. The vulnerability affected several versions of the Linux kernel, specifically versions 5.13 and later.
The out-of-bounds bit shift allows improper handling of IRQ numbers, which could disrupt normal interrupt processing or potentially be exploited to cause other unintended behaviors.
The vulnerability can be reproduced by setting an invalid IRQ option in the AIO IIRO 16 Comedi driver. This can be done by specifying a value for 'it->options[1]' that is outside the valid range of 1 to 15, such as a negative number or a value greater than 15. Once the invalid option is set, the driver will incorrectly process the IRQ number, demonstrating the out-of-bounds bit shift issue.
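The range check described above, shown next to the unchecked pattern, as an added example that is not the kernel's own code. The function names and the SUPPORTED_IRQ_MASK value are assumptions made for illustration; the sample values stand in for 'it->options[1]'.

```c
#include <limits.h>
#include <stdio.h>

/* Constructed mask of IRQ lines a hypothetical board supports
 * (bit n set = IRQ n usable); an assumption, not taken from the page. */
#define SUPPORTED_IRQ_MASK 0xdcfcu

/* Unchecked pattern: the shift count comes straight from the caller.
 * In C, shifting by a negative count or by a count >= the width of int
 * is undefined behaviour, so the mask test means nothing for such input. */
int irq_supported_unchecked(int irq)
{
    return ((1 << irq) & SUPPORTED_IRQ_MASK) != 0;
}

/* Hardened pattern: reject anything outside 1..15 before shifting, so the
 * shift count is always in range and the mask test is well defined. */
int irq_supported_checked(int irq)
{
    if (irq < 1 || irq > 15)
        return 0;
    return ((1u << irq) & SUPPORTED_IRQ_MASK) != 0;
}

int main(void)
{
    /* Constructed option values, including the invalid ones named above
     * (negative numbers and values greater than 15). */
    const int samples[] = { INT_MIN, -1, 0, 1, 2, 8, 15, 16, 32, INT_MAX };
    size_t i;

    for (i = 0; i < sizeof(samples) / sizeof(samples[0]); i++)
        printf("irq option %11d -> %s\n", samples[i],
               irq_supported_checked(samples[i]) ? "request IRQ" : "no IRQ");

    /* The unchecked form is only exercised with an in-range value here. */
    printf("unchecked(5) = %d\n", irq_supported_unchecked(5));
    return 0;
}
```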
Users can upgrade to the latest version of the Linux kernel where this vulnerability has been fixed. Instructions for downloading the updated kernel can be found on the official Linux kernel website.