CVE-2025-40106 – comedi: fix divide-by-zero in comedi_buf_munge()

CVE ID : CVE-2025-40106

Published : Oct. 31, 2025, 10:15 a.m. | 1 hour, 11 minutes ago

Description : In the Linux kernel, the following vulnerability has been resolved:

comedi: fix divide-by-zero in comedi_buf_munge()

The comedi_buf_munge() function performs a modulo operation
`async->munge_chan %= async->cmd.chanlist_len` without first
checking if chanlist_len is zero. If a user program submits a command with
chanlist_len set to zero, this causes a divide-by-zero error when the device
processes data in the interrupt handler path.

Add a check for zero chanlist_len at the beginning of the
function, similar to the existing checks for !map and
CMDF_RAWDATA flag. When chanlist_len is zero, update
munge_count and return early, indicating the data was
handled without munging.

This prevents potential kernel panics from malformed user commands.

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…