CVE-2025-40106
- Source
- https://cve.org/CVERecord?id=CVE-2025-40106
- Import Source
- https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-40106.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/CVE-2025-40106
- Downstream
- Related
- Published
- 2025-10-31T09:41:46.740Z
- Modified
- 2026-03-20T12:43:11.024892Z
- Summary
- comedi: fix divide-by-zero in comedi_buf_munge()
- Details
-
In the Linux kernel, the following vulnerability has been resolved:
comedi: fix divide-by-zero in comedibufmunge()
The comedibufmunge() function performs a modulo operation
async->munge_chan %= async->cmd.chanlist_lenwithout first checking if chanlistlen is zero. If a user program submits a command with chanlistlen set to zero, this causes a divide-by-zero error when the device processes data in the interrupt handler path.Add a check for zero chanlistlen at the beginning of the function, similar to the existing checks for !map and CMDFRAWDATA flag. When chanlistlen is zero, update mungecount and return early, indicating the data was handled without munging.
This prevents potential kernel panics from malformed user commands.
- Database specific
{ "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/40xxx/CVE-2025-40106.json", "cna_assigner": "Linux" }- References
-
- https://git.kernel.org/stable/c/2670932f2465793fea1ef073e40883e8390fa4d9
- https://git.kernel.org/stable/c/4ffea48c69cb2b96a281cb7e5e42d706996631db
- https://git.kernel.org/stable/c/55520f65fd447e04099a2c44185453c18ea73b7e
- https://git.kernel.org/stable/c/6db19822512396be1a3e1e20c16c97270285ba1a
- https://git.kernel.org/stable/c/87b318ba81dda2ee7b603f4f6c55e78ec3e95974
- https://git.kernel.org/stable/c/8f3e4cd9be4b47246ea73ce5e3e0fa2f57f0d10c
- https://git.kernel.org/stable/c/a4bb5d1bc2f238461bcbe5303eb500466690bb2c
- https://git.kernel.org/stable/c/d4854eff25efb06d0d84c13e7129bbdba4125f8c
- https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/40xxx/CVE-2025-40106.json
- https://nvd.nist.gov/vuln/detail/CVE-2025-40106
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Affected packages
Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Affected ranges
- Type
- GIT
- Repo
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- Events
-
Introduceded9eccbe8970f6eedc1b978c157caf1251a896d4Fixed4ffea48c69cb2b96a281cb7e5e42d706996631dbFixed8f3e4cd9be4b47246ea73ce5e3e0fa2f57f0d10cFixed2670932f2465793fea1ef073e40883e8390fa4d9Fixed6db19822512396be1a3e1e20c16c97270285ba1aFixedd4854eff25efb06d0d84c13e7129bbdba4125f8cFixeda4bb5d1bc2f238461bcbe5303eb500466690bb2cFixed55520f65fd447e04099a2c44185453c18ea73b7eFixed87b318ba81dda2ee7b603f4f6c55e78ec3e95974
Linux / Kernel
Package
- Name
- Kernel
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced2.6.29Fixed5.4.301
- Type
- ECOSYSTEM
- Events
-
Introduced5.5.0Fixed5.10.246
- Type
- ECOSYSTEM
- Events
-
Introduced5.11.0Fixed5.15.196
- Type
- ECOSYSTEM
- Events
-
Introduced5.16.0Fixed6.1.158
- Type
- ECOSYSTEM
- Events
-
Introduced6.2.0Fixed6.6.115
- Type
- ECOSYSTEM
- Events
-
Introduced6.7.0Fixed6.12.56
- Type
- ECOSYSTEM
- Events
-
Introduced6.13.0Fixed6.17.6