Linux Kernel Comedi PCL812 Driver Bit Shift Vulnerability

A vulnerability in the Linux kernel's Comedi PCL812 driver allows for an out-of-bounds bit shift when handling IRQ numbers. The issue arises because 'it->options[1]' is an unchecked integer from userspace, which could lead to negative or out-of-bounds shift amounts. This vulnerability affects several versions of the Linux kernel, specifically in the stable branch, and has been addressed by adding a bounds check to ensure that 'it->options[1]' is within a valid range before performing the bit shift operation.

Impact

Exploitation of this vulnerability could lead to undefined behavior in the driver, potentially allowing for incorrect handling of interrupts or other related operations.

Reproduction

The vulnerability can be reproduced by loading the Comedi PCL812 driver with a configuration that includes an invalid IRQ option. This can be done by specifying an 'options' value that leads to a negative shift or a shift greater than 15, which is out of the valid range for IRQ selection. The driver will then attempt to process the IRQ option without proper validation, leading to the out-of-bounds bit shift.

Remediation

Users can update to the latest version of the Linux kernel where this vulnerability has been fixed. Instructions for downloading the patched kernel are available on the official Linux kernel website.