CVE-2025-40106

Linux Kernel - Denial of Service via comedi_buf_munge() Divide-by-Zero

Title source: llm
STIX 2.1

Description

In the Linux kernel, the following vulnerability has been resolved: comedi: fix divide-by-zero in comedi_buf_munge() The comedi_buf_munge() function performs a modulo operation `async->munge_chan %= async->cmd.chanlist_len` without first checking if chanlist_len is zero. If a user program submits a command with chanlist_len set to zero, this causes a divide-by-zero error when the device processes data in the interrupt handler path. Add a check for zero chanlist_len at the beginning of the function, similar to the existing checks for !map and CMDF_RAWDATA flag. When chanlist_len is zero, update munge_count and return early, indicating the data was handled without munging. This prevents potential kernel panics from malformed user commands.

Scores

EPSS 0.0019
EPSS Percentile 9.1%

Details

Status published
Products (25)
linux/Kernel 2.6.29 - 5.4.301linux
linux/Kernel 5.11.0 - 5.15.196linux
linux/Kernel 5.16.0 - 6.1.158linux
linux/Kernel 5.5.0 - 5.10.246linux
linux/Kernel 6.13.0 - 6.17.6linux
linux/Kernel 6.2.0 - 6.6.115linux
linux/Kernel 6.7.0 - 6.12.56linux
Linux/Linux < 2.6.29
Linux/Linux 2.6.29
Linux/Linux 5.10.246 - 5.10.*
... and 15 more
Published Oct 31, 2025
Tracked Since Feb 18, 2026