DEBIAN-CVE-2025-40106
In the Linux kernel, the following vulnerability has been resolved:

comedi: fix divide-by-zero in comedi_buf_munge()

The comedi_buf_munge() function performs a modulo operation `async->munge_chan %= async->cmd.chanlist_len` without first checking if chanlist_len is zero. If a user program submits a command with chanlist_len set to zero, this causes a divide-by-zero error when the device processes data in the interrupt handler path.

Add a check for zero chanlist_len at the beginning of the function, similar to the existing checks for !map and CMDF_RAWDATA flag. When chanlist_len is zero, update munge_count and return early, indicating the data was handled without munging. This prevents potential kernel panics from malformed user commands.
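The guard described above, shown as an added user-space model in C; it is not the kernel source or the upstream patch. The struct, the `model_` names, the `has_map` field, the `sample_bytes` parameter and the flag value are assumptions made for this illustration.

```c
#include <stdbool.h>
#include <stdio.h>

/* Stand-in for the kernel's CMDF_RAWDATA flag; the value is arbitrary here. */
#define MODEL_CMDF_RAWDATA 0x1u

/* Hypothetical, reduced stand-in for the async state the description names. */
struct model_async {
    unsigned int munge_chan;   /* channel index of the next sample */
    unsigned int munge_count;  /* bytes accounted as handled */
    unsigned int chanlist_len; /* taken from the user-submitted command */
    unsigned int flags;        /* command flags */
    bool has_map;              /* models the existing !map check */
};

/* Returns the number of bytes accounted for without ever dividing by zero. */
unsigned int model_buf_munge(struct model_async *a, unsigned int num_bytes,
                             unsigned int sample_bytes)
{
    /* Existing early exits plus the added chanlist_len == 0 guard:
     * count the data as handled, skip munging, return early. */
    if (!a->has_map || (a->flags & MODEL_CMDF_RAWDATA) || a->chanlist_len == 0) {
        a->munge_count += num_bytes;
        return num_bytes;
    }
    if (sample_bytes == 0) /* model-only guard for this example's own divisor */
        return 0;

    num_bytes -= num_bytes % sample_bytes;  /* ignore a trailing partial sample */
    a->munge_chan += num_bytes / sample_bytes;
    a->munge_chan %= a->chanlist_len;       /* divisor is non-zero at this point */
    a->munge_count += num_bytes;
    return num_bytes;
}

int main(void)
{
    /* Constructed inputs: a malformed command and a normal 4-channel one. */
    struct model_async bad = { .chanlist_len = 0, .has_map = true };
    struct model_async ok = { .chanlist_len = 4, .has_map = true };
    unsigned int r_bad = model_buf_munge(&bad, 64, 2);
    unsigned int r_ok = model_buf_munge(&ok, 20, 2);

    printf("chanlist_len=0: handled %u bytes, munge_chan=%u\n", r_bad, bad.munge_chan);
    printf("chanlist_len=4: handled %u bytes, munge_chan=%u\n", r_ok, ok.munge_chan);
    return 0;
}
```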
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Debian:11 | linux | 5.10.113-1, 5.10.205-1, * |
| Debian:14 | linux | 6.16.12-1, 6.16.12-1, 6.16.12-2 |
| Debian:12 | linux | 6.1.64-1, 6.1.119-1, 6.1.76-1 |
| Debian:13 | linux | 6.12.43-1, 6.12.48-1, 6.12.57-1 |
| Debian:11 | linux-6.1 | 6.1.106-3~deb11u2, 6.1.106-3~deb11u3, 6.1.112-1~deb11u1 |
Timeline
- Oct 31, 2025 CVE Published
- Apr 28, 2026 CVE Updated