GHSA-jx84-vrfm-c347 · Severity: high — In the Linux kernel, the following vulnerability has been resolved: comedi: pcl726: Prevent...
In the Linux kernel, the following vulnerability has been resolved: comedi: pcl726: Prevent invalid irq number The reproducer passed in an irq number(0x80008000) that was too large, which triggered the oob. Added an interrupt number check to prevent users from passing in an irq number that was too large. If `it->options[1]` is 31, then `1 << it->options[1]` is still invalid because it shifts a 1-bit into the sign bit (which is UB in C). Possible solutions include reducing the upper bound on the `it->options[1]` value to 30 or lower, or using `1U << it->options[1]`. The old code would just not attempt to request the IRQ if the `options[1]` value were invalid. And it would still configure the device without interrupts even if the call to `request_irq` returned an error. So it would be better to combine this test with the test below.
Conclusion & alert: CVE-2025-39685 is rated Low Risk (30.2/100): CVSS High severity, with low exploitation likelihood (EPSS 0.02%). Mandatory action: Monitor for updates and reassess as exploit intelligence or EPSS changes.
Risk is dynamic; we continuously reassess and refresh what is shown on this page as upstream context changes.
EPSS lead: Daily EPSS estimates relative likelihood of exploitation; percentile ranks this CVE among scored vulnerabilities (higher = more severe relative rank).
| # | Date | Old EPSS score | New EPSS score | Delta (New - Old) |
|---|---|---|---|---|
| 1 | 2025-09-06 | — | 0.02% | — |
Full EPSS history (1 record total)
CVSS metrics for this CVE.
| Base score | Version | Severity | Vector | Exploitability | Impact | Score source |
|---|---|---|---|---|---|---|
| 7.1 | 3.1 | HIGH |
|
1.8 | 5.2 | [email protected] |
GHSA-jx84-vrfm-c347 · Severity: high — In the Linux kernel, the following vulnerability has been resolved: comedi: pcl726: Prevent...
| vendor | priority | summary | link |
|---|---|---|---|
debian
|
not yet assigned | CVE-2025-39685 not yet assigned priority: Debian including 2 source packages (linux, linux-6.1), 6 status rows across 5 suites (bookworm, bullseye, forky, sid, trixie): resolved 5, open 1. | https://security-tracker.debian.org/tracker/CVE-2025-39685 |
redhat
|
— | — | https://access.redhat.com/security/cve/CVE-2025-39685 |
suse
|
medium | CVE-2025-39685 severity moderate: SUSE including 469 source package names (2.1.3-6.80:kernel-default-base-6.4.0-35.1.21.12, 2.1.3-7.57:kernel-default-6.4.0-35.1, …), 1033 product×package rows across 207 product lines (Container suse/sl-micro/6.0/base-os-container, Container suse/sl-micro/6.0/kvm-os-container, … (207 product lines)): Fixed 619, Known Affected 231, Known Not Affected 143, First Fixed 21, Will Not Fix 19. | https://www.suse.com/security/cve/CVE-2025-39685/ |
ubuntu
|
medium | CVE-2025-39685 medium priority: Ubuntu including 158 source packages (linux, linux-allwinner-5.19, …), 1414 status rows across 9 suites (bionic, focal, jammy, noble, plucky, questing, trusty, upstream, xenial): DNE 1017, ignored 180, released 150, needed 47, not-affected 17, needs-triage 2, pending 1. | https://ubuntu.com/security/CVE-2025-39685 |
| Vendor | Product | Version | Raw CPE |
|---|---|---|---|
| linux | linux_kernel | >= 3.13, < 5.15.190 | cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* |
| linux | linux_kernel | >= 5.16, < 6.1.149 | cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* |
| linux | linux_kernel | >= 6.2, < 6.6.103 | cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* |
| linux | linux_kernel | >= 6.7, < 6.12.44 | cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* |
| linux | linux_kernel | >= 6.13, < 6.16.4 | cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* |
| linux | linux_kernel | 6.17 | cpe:2.3:o:linux:linux_kernel:6.17:rc1:*:*:*:*:*:* |
| linux | linux_kernel | 6.17 | cpe:2.3:o:linux:linux_kernel:6.17:rc2:*:*:*:*:*:* |
| debian | debian_linux | 11.0 | cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:* |