Integer Division Overflow in Linux Kernel Affecting Device Drivers
CVE-2025-40293

Currently unrated

Key Information:

Vendor: Linux
Status: Linux
Vendor: CVE Published:; 8 December 2025

What is CVE-2025-40293?

A vulnerability has been identified in the Linux kernel related to integer division overflow during dirty tracking in device drivers. Specifically, when the page shift parameter (pgshift) is set to 63, the computation involving BITS_PER_TYPE(*) can overflow, resulting in an incorrect division by 0. This flaw can potentially cause disruptions in system operations, as it produces incorrect indexing of memory. The kernel developers have reorganized the mathematical approach to prevent overflow by dividing by shift rather than directly computing the overflow-prone formula. Users are advised to apply the latest security patches to mitigate this issue.

Affected Version(s)

Linux 58ccf0190d19d9a8a41f8a02b9e06742b58df4a1 < 07105e61882ff4a7d58db63cc5f9e90c6c60506c

Linux 58ccf0190d19d9a8a41f8a02b9e06742b58df4a1 < 4c8a4f1d34eced168cc0b3a3dfe7b6dcc2090f69

Linux 58ccf0190d19d9a8a41f8a02b9e06742b58df4a1

References

https://git.kernel.org/stable/c/07105e61882ff4a7d58db63cc...

https://git.kernel.org/stable/c/4c8a4f1d34eced168cc0b3a3d...

https://git.kernel.org/stable/c/de7f2c67ceb1941b05b04ac35...

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Dec 8, 2025
Vulnerability Reserved
Apr 16, 2025

JSON