SB20251208114 - Division by zero in Linux kernel vfio driver
Published: December 8, 2025
Description
This security bulletin contains information about 1 security vulnerability.
1) Division by zero (CVE-ID: CVE-2025-40293)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a division by zero error within the function in drivers/vfio/iova_bitmap.c. A local user can perform a denial of service (DoS) attack.
Remediation
Install the update from the vendor's website.
References
- https://git.kernel.org/stable/c/07105e61882ff4a7d58db63cc5f9e90c6c60506c
- https://git.kernel.org/stable/c/4c8a4f1d34eced168cc0b3a3dfe7b6dcc2090f69
- https://git.kernel.org/stable/c/cb30dfa75d55eced379a42fd67bd5fb7ec38555e
- https://git.kernel.org/stable/c/dbf316fc90aa954dcd5440817f4b944627ed63e0
- https://git.kernel.org/stable/c/de7f2c67ceb1941b05b04ac35458a03e93cc57b1