CVE-2025-39685
Description
In the Linux kernel, the following vulnerability has been resolved:
comedi: pcl726: Prevent invalid irq number
The reproducer passed in an irq number(0x80008000) that was too large, which triggered the oob.
Added an interrupt number check to prevent users from passing in an irq number that was too large.
If it->options[1] is 31, then 1 << it->options[1] is still invalid because it shifts a 1-bit into the sign bit (which is UB in C). Possible solutions include reducing the upper bound on the it->options[1] value to 30 or lower, or using 1U << it->options[1].
The old code would just not attempt to request the IRQ if the options[1] value were invalid. And it would still configure the device without interrupts even if the call to request_irq returned an error. So it would be better to combine this test with the test below.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
CVE-2025-39685: Linux kernel comedi pcl726 driver misses irq number validation, leading to out-of-bounds access from a large user-supplied irq number.
Vulnerability
Description
CVE-2025-39685 is a vulnerability in the Linux kernel's comedi subsystem, specifically in the pcl726 driver. The driver fails to validate the interrupt request (IRQ) number provided by a user via the options[1] field. A specially crafted, overly large value (e.g., 0x80008000) triggers an out-of-bounds (OOB) access. [2][3][4]
Exploitation
Prerequisites
An attacker needs local access to the system and the ability to pass a malicious IRQ number to the comedi device configuration interface. No special privileges beyond those required to interact with comedi devices are mentioned; however, the attack surface is limited to systems where the comedi pcl726 driver is loaded and accessible. [1]
Impact
Successful exploitation can lead to an out-of-bounds memory access, potentially causing system instability or a denial of service (DoS). The vulnerability does not appear to enable remote code execution; the primary impact is integrity and availability of the affected system. [1]
Mitigation
The fix introduces a check to reject invalid IRQ numbers (e.g., greater than 30) before the value is used in shift or bit operations, preventing the OOB condition. The patch has been applied to the Linux kernel stable branches. Users should update to a patched kernel version. Additionally, Siemens has listed this CVE as affecting SIMATIC CN 4100 devices before V5.0, advising an update to mitigate the risk. [1][2][3][4]
AI Insight generated on May 19, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
3- Linux/Linuxv5Range: 3.13
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
8- git.kernel.org/stable/c/0eb4ed2aa261dee228f1668dbfa6d87353e8162dnvdPatch
- git.kernel.org/stable/c/5a33d07c94ba91306093e823112a7aa9727549f6nvdPatch
- git.kernel.org/stable/c/96cb948408b3adb69df7e451ba7da9d21f814d00nvdPatch
- git.kernel.org/stable/c/a3cfcd0c78c80ca7cd80372dc28f77d01be57bf6nvdPatch
- git.kernel.org/stable/c/bab220b0bb5af652007e278e8e8357f952b0e1eanvdPatch
- git.kernel.org/stable/c/d8992c9a01f81128f36acb7c5755530e21fcd059nvdPatch
- lists.debian.org/debian-lts-announce/2025/10/msg00008.htmlnvdThird Party Advisory
- cert-portal.siemens.com/productcert/html/ssa-032379.htmlnvd
News mentions
1- Siemens SIMATICCISA ICS Advisories