CVE-2026-31423
Published: Apr 13, 2026
Modified: May 11, 2026
Description
In the Linux kernel, the following vulnerability has been resolved: net/sched: sch_hfsc: fix divide-by-zero in rtsc_min() m2sm() converts a u32 slope to a u64 scaled value. For large inputs (e.g. m1=4000000000), the result can reach 2^32. rtsc_min() stores the difference of two such u64 values in a u32 variable `dsm` and uses it as a divisor. When the difference is exactly 2^32 the truncation yields zero, causing a divide-by-zero oops in the concave-curve intersection path: Oops: divide error: 0000 RIP: 0010:rtsc_min (net/sched/sch_hfsc.c:601) Call Trace: init_ed (net/sched/sch_hfsc.c:629) hfsc_enqueue (net/sched/sch_hfsc.c:1569) [...] Widen `dsm` to u64 and replace do_div() with div64_u64() so the full difference is preserved.
| Vendor | Product | Versions |
|---|---|---|
Linux | Linux | affected 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 - < ad8e8fec40290a8c8cf145c0deaadf76f80c5163affected 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 - < ab1ff5890c7354afc7be56502fcfbd61f3b7ae4faffected 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 - < 25b6821884713a31e2b49fb67b0ebd765b33e0a9affected 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 - < c56f78614e7781aaceca9bd3cb2128bf7d45c3bdaffected 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 - < b9e6431cbea8bb1fae8069ed099b4ee100499835+3 more versions |
Linux | Linux | affected 2.6.12unaffected 0 - < 2.6.12unaffected 5.10.253 - <= 5.10.*unaffected 5.15.203 - <= 5.15.*unaffected 6.1.168 - <= 6.1.*+5 more versions |
References
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now