Skip to main content

Linux Kernel CVE-2026-31770

| EUVDEUVD-2026-26583 MEDIUM
Divide By Zero (CWE-369)
2026-05-01 Linux
5.5
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
5.5 MEDIUM
AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
SUSE
MEDIUM
qualitative

Primary rating from NVD.

CVSS VectorNVD

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Attack Vector
Local
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
High

Lifecycle Timeline

7
Analysis Generated
May 11, 2026 - 18:07 vuln.today
CVSS changed
May 11, 2026 - 18:07 NVD
5.5 (MEDIUM)
Patch available
May 01, 2026 - 16:33 EUVD
Patch released
May 01, 2026 - 15:24 nvd
Patch available
EUVD ID Assigned
May 01, 2026 - 15:00 euvd
EUVD-2026-26583
CVE Published
May 01, 2026 - 14:14 nvd
MEDIUM 5.5
CVE Published
May 01, 2026 - 14:14 nvd
N/A

DescriptionCVE.org

In the Linux kernel, the following vulnerability has been resolved:

hwmon: (occ) Fix division by zero in occ_show_power_1()

In occ_show_power_1() case 1, the accumulator is divided by update_tag without checking for zero. If no samples have been collected yet (e.g. during early boot when the sensor block is included but hasn't been updated), update_tag is zero, causing a kernel divide-by-zero crash.

The 2019 fix in commit 211186cae14d ("hwmon: (occ) Fix division by zero issue") only addressed occ_get_powr_avg() used by occ_show_power_2() and occ_show_power_a0(). This separate code path in occ_show_power_1() was missed.

Fix this by reusing the existing occ_get_powr_avg() helper, which already handles the zero-sample case and uses mul_u64_u32_div() to multiply before dividing for better precision. Move the helper above occ_show_power_1() so it is visible at the call site.

[groeck: Fix alignment problems reported by checkpatch]

AnalysisAI

Denial of service via divide-by-zero crash in the hwmon OCC (On-Chip Controller) power monitoring driver affects Linux kernels when the power sensor is queried before initial data samples are collected, typically during early boot. Local attackers with unprivileged user privileges can trigger a kernel panic by accessing the affected sysfs power attribute, causing system availability impact. CVSS 5.5 reflects local attack vector and low complexity; EPSS 0.02% indicates low real-world exploitation probability despite the straightforward trigger condition.

Technical ContextAI

The hwmon OCC driver monitors power consumption on IBM POWER systems via the OpenPOWER On-Chip Controller. The vulnerable code path in occ_show_power_1() performs integer division on an accumulator value using update_tag as the divisor without validating that update_tag is non-zero. The update_tag field tracks the number of sensor samples collected; if zero (before the OCC sensor block has been updated), division by zero occurs. A 2019 fix addressed the same issue in occ_get_powr_avg() but missed this separate code path. The root cause is CWE-369 (divide by zero) - a missing validation check before arithmetic operation. The fix refactors the code to reuse the already-patched helper function which both validates the divisor and uses mul_u64_u32_div() for improved precision by multiplying before dividing.

RemediationAI

Upgrade the Linux kernel to a patched stable version: 5.10.253 or later for the 5.10 series, 5.15.203 or later for 5.15, 6.1.168 or later for 6.1, 6.6.134 or later for 6.6, 6.12.81 or later for 6.12, 6.18.22 or later for 6.18, 6.19.12 or later for 6.19, or 7.0 or later for mainline. For systems unable to upgrade immediately, restrict unprivileged user access to sysfs power attributes by removing read permissions on /sys/class/hwmon/hwmon*/power*_input or using SELinux/AppArmor policies to deny non-root access to hwmon OCC sysfs nodes - this trades off power monitoring visibility for availability. Verify that your system uses the hwmon OCC driver (check lsmod | grep occ or dmesg | grep -i occ) before applying mitigations; non-POWER systems are unaffected. Patch availability confirmed across multiple stable kernel branches via git.kernel.org stable commits.

Vendor StatusVendor

SUSE

Severity: Medium
Product Status
SUSE Linux Enterprise Desktop 15 SP7 Fixed
SUSE Linux Enterprise Desktop 15 SP7 Fixed
SUSE Linux Enterprise High Availability Extension 15 SP7 Fixed
SUSE Linux Enterprise High Availability Extension 15 SP7 Fixed
SUSE Linux Enterprise High Performance Computing 15 SP7 Fixed

Share

CVE-2026-31770 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy