Skip to main content

Linux Kernel CVE-2026-31618

| EUVDEUVD-2026-25511 MEDIUM
Divide By Zero (CWE-369)
2026-04-24 Linux GHSA-879h-m867-cpjq
5.5
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
5.5 MEDIUM
AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
SUSE
MEDIUM
qualitative

Primary rating from NVD.

CVSS VectorNVD

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Attack Vector
Local
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
High

Lifecycle Timeline

7
Analysis Generated
Apr 28, 2026 - 14:22 vuln.today
CVSS changed
Apr 28, 2026 - 14:22 NVD
5.5 (MEDIUM)
Patch released
Apr 28, 2026 - 14:07 nvd
Patch available
Patch available
Apr 24, 2026 - 16:16 EUVD
EUVD ID Assigned
Apr 24, 2026 - 15:00 euvd
EUVD-2026-25511
Analysis Generated
Apr 24, 2026 - 15:00 vuln.today
CVE Published
Apr 24, 2026 - 14:42 nvd
MEDIUM 5.5

DescriptionCVE.org

In the Linux kernel, the following vulnerability has been resolved:

fbdev: tdfxfb: avoid divide-by-zero on FBIOPUT_VSCREENINFO

Much like commit 19f953e74356 ("fbdev: fb_pm2fb: Avoid potential divide by zero error"), we also need to prevent that same crash from happening in the udlfb driver as it uses pixclock directly when dividing, which will crash.

AnalysisAI

Divide-by-zero denial of service in Linux kernel framebuffer driver tdfxfb allows local authenticated users to crash the system by issuing a malformed FBIOPUT_VSCREENINFO ioctl with zero pixclock value. The vulnerability affects the framebuffer video mode setting functionality when pixclock is used directly in division operations without validation, triggering a kernel panic.

Technical ContextAI

The tdfxfb driver is a Linux kernel framebuffer device driver for 3Dfx Voodoo graphics cards. The vulnerability exists in the FBIOPUT_VSCREENINFO ioctl handler, which accepts screen information parameters from userspace including pixclock (pixel clock frequency). The driver uses pixclock directly in frequency calculations involving division without first validating it is non-zero. This is a classic divide-by-zero arithmetic flaw (CWE-369) in kernel code that lacks input validation. The issue was identified by reference to a similar fix in the unrelated pm2fb driver (commit 19f953e74356), suggesting a systemic pattern of this flaw in framebuffer drivers. The CPE indicates all Linux kernel versions are affected across architecture and variant combinations.

RemediationAI

Patch immediately to the fixed stable kernel versions: 6.12.83, 6.18.24, 6.19.14, or 7.0.1 depending on your running kernel series. Update via your distribution's package manager (apt upgrade linux-image, dnf update kernel, etc.) and reboot. For systems unable to patch immediately, disable framebuffer device access via userspace by restricting permission on /dev/fb* device nodes (chmod 600 /dev/fb*) and removing unnecessary fbdev drivers from the kernel configuration if recompiling. However, these workarounds may impact GUI functionality or display management, so patching is strongly preferred. Reference fix commits are available at https://git.kernel.org/stable/c/53cb4e79a07124d2ebe502983c29800104080b47 and related commits listed in references.

Vendor StatusVendor

SUSE

Severity: Medium
Product Status
SUSE Linux Enterprise Desktop 15 SP7 Fixed
SUSE Linux Enterprise Desktop 15 SP7 Fixed
SUSE Linux Enterprise High Availability Extension 15 SP7 Fixed
SUSE Linux Enterprise High Availability Extension 15 SP7 Fixed
SUSE Linux Enterprise High Performance Computing 15 SP7 Fixed

Share

CVE-2026-31618 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy