CVE-2025-40106
Description
In the Linux kernel, the following vulnerability has been resolved:
comedi: fix divide-by-zero in comedi_buf_munge()
The comedi_buf_munge() function performs a modulo operation async->munge_chan %= async->cmd.chanlist_len without first checking if chanlist_len is zero. If a user program submits a command with chanlist_len set to zero, this causes a divide-by-zero error when the device processes data in the interrupt handler path.
Add a check for zero chanlist_len at the beginning of the function, similar to the existing checks for !map and CMDF_RAWDATA flag. When chanlist_len is zero, update munge_count and return early, indicating the data was handled without munging.
This prevents potential kernel panics from malformed user commands.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Divide-by-zero vulnerability in Linux kernel's comedi subsystem allows local users to cause kernel panic via crafted command with chanlist_len=0.
Vulnerability
The comedi_buf_munge() function in the Linux kernel's comedi subsystem performs a modulo operation async->munge_chan %= async->cmd.chanlist_len without verifying that chanlist_len is non-zero. If a user program submits a comedi command with chanlist_len set to zero, this results in a divide-by-zero error during data processing in the interrupt handler path.
Exploitation
An unprivileged local user can trigger this vulnerability by crafting a comedi command with chanlist_len = 0 and sending it to the comedi device. The bug is reachable through the standard comedi interface, requiring no special privileges beyond access to the comedi device.
Impact
Successful exploitation leads to a kernel panic, causing a denial of service (DoS) on the affected system. No privilege escalation is possible as the result is a crash.
Mitigation
Patches have been released for stable kernel branches [1][2][3][4]. Users should update their kernels to the latest patched versions. No workaround is available aside from restricting access to comedi devices.
AI Insight generated on May 19, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
1Patches
84ffea48c69cb8f3e4cd9be4b2670932f24656db198225123d4854eff25efa4bb5d1bc2f255520f65fd4487b318ba81ddVulnerability mechanics
Generated on May 9, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.
References
8- git.kernel.org/stable/c/2670932f2465793fea1ef073e40883e8390fa4d9nvd
- git.kernel.org/stable/c/4ffea48c69cb2b96a281cb7e5e42d706996631dbnvd
- git.kernel.org/stable/c/55520f65fd447e04099a2c44185453c18ea73b7envd
- git.kernel.org/stable/c/6db19822512396be1a3e1e20c16c97270285ba1anvd
- git.kernel.org/stable/c/87b318ba81dda2ee7b603f4f6c55e78ec3e95974nvd
- git.kernel.org/stable/c/8f3e4cd9be4b47246ea73ce5e3e0fa2f57f0d10cnvd
- git.kernel.org/stable/c/a4bb5d1bc2f238461bcbe5303eb500466690bb2cnvd
- git.kernel.org/stable/c/d4854eff25efb06d0d84c13e7129bbdba4125f8cnvd
News mentions
0No linked articles in our index yet.