CVE-2025-40127
Description
In the Linux kernel, the following vulnerability has been resolved:
hwrng: ks-sa - fix division by zero in ks_sa_rng_init
Fix division by zero in ks_sa_rng_init caused by missing clock pointer initialization. The clk_get_rate() call is performed on an uninitialized clk pointer, resulting in division by zero when calculating delay values.
Add clock initialization code before using the clock.
drivers/char/hw_random/ks-sa-rng.c | 7 +++++++
1 file changed, 7 insertions(+)
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Division by zero in Linux kernel's ks-sa hardware RNG driver due to missing clock initialization causes denial of service.
The vulnerability is a division by zero in the ks-sa hardware random number generator driver's initialization function. The root cause is that clk_get_rate() is invoked on an uninitialized clock pointer, leading to a division by zero when computing delay values. This bug was introduced in a prior commit and remains exploitable until the driver is loaded.
Exploitation requires the ability to initialize the ks-sa hwrng device, which typically occurs during system boot or when the kernel module is loaded. No special privileges beyond local access are needed. The attack surface is limited to systems that incorporate the KeyStone SA hardware RNG.
The impact is a kernel panic (denial of service) triggered by the division by zero. An attacker who can force the driver to initialize can cause the system to crash, making the system unavailable.
The fix has been applied in multiple kernel stable commits. Users are advised to update their kernels to include the fix. No workaround is available other than avoiding use of the vulnerable driver.
AI Insight generated on May 19, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
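A simplified user-space model of the bug class described above, added here as an illustration; it is not the driver's code or the upstream patch. The struct layout, cycle count and delay formula are assumptions, and `clk_get_rate()` here is a stand-in that returns 0 for a NULL clock.

```c
#include <errno.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* User-space stand-in for the kernel clock handle (simplified model). */
struct clk { unsigned long rate_hz; };

/* Assumption: as in the common clock framework, a NULL clk reports rate 0. */
static unsigned long clk_get_rate(const struct clk *clk)
{
    return clk ? clk->rate_hz : 0;
}

/* Hypothetical device state; zero-initialised, so clk starts out NULL. */
struct rng_dev {
    struct clk *clk;
    uint32_t startup_cycles;
};

/* Hypothetical delay formula: cycles -> microseconds, rounded up.
 * Without the rate check, rate_hz == 0 is a division by zero. */
static int cycles_to_us(uint32_t cycles, unsigned long rate_hz, uint64_t *us)
{
    if (rate_hz == 0)
        return -EINVAL;
    *us = ((uint64_t)cycles * 1000000u + rate_hz - 1) / rate_hz;
    return 0;
}

/* Init in the corrected order: obtain the clock, then read its rate. */
static int rng_init(struct rng_dev *dev, struct clk *board_clk, uint64_t *us)
{
    if (!dev->clk) {
        if (!board_clk)
            return -ENODEV;    /* clock lookup failed: stop before any math */
        dev->clk = board_clk;  /* stands in for the clock get/enable step */
    }
    return cycles_to_us(dev->startup_cycles, clk_get_rate(dev->clk), us);
}

int main(void)
{
    struct clk c = { 250000000UL };          /* constructed sample rate */
    struct rng_dev dev = { NULL, 65536 };    /* constructed cycle count */
    uint64_t us = 0;
    int rc = rng_init(&dev, &c, &us);
    printf("rc=%d delay=%llu us\n", rc, (unsigned long long)us);
    return 0;
}
```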
Affected products (2)
Patches (7)
- 692a04a1e0cd
- d76b099011fa
- eec7e0e19c1f
- f4238064379a
- 2b6bcce32cb5
- 55a70e1de75e
- 612b1dfeb414
Vulnerability mechanics
Generated on May 9, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.
References (7)
- git.kernel.org/stable/c/2b6bcce32cb5aff84588a844a4d3f6dd5353b8e2 (nvd)
- git.kernel.org/stable/c/55a70e1de75e5ff5f961c79a2cdc6a4468cc2bf2 (nvd)
- git.kernel.org/stable/c/612b1dfeb414dfa780a6316014ceddf9a74ff5c0 (nvd)
- git.kernel.org/stable/c/692a04a1e0cde1d80a33df0078c755cf02cd7268 (nvd)
- git.kernel.org/stable/c/d76b099011fa056950f63d05ebb6160991242f6a (nvd)
- git.kernel.org/stable/c/eec7e0e19c1fa75dc65e25aa6a21ef24a03849af (nvd)
- git.kernel.org/stable/c/f4238064379a91e71a9c258996acac43c50c2094 (nvd)