Skip to main content

Linux Kernel EUVDEUVD-2026-26580

| CVE-2026-31767 MEDIUM
Divide By Zero (CWE-369)
2026-05-01 Linux
5.5
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
5.5 MEDIUM
AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
SUSE
MEDIUM
qualitative
Red Hat
4.4 MEDIUM
qualitative

Primary rating from NVD.

CVSS VectorNVD

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Attack Vector
Local
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
High

Lifecycle Timeline

7
Analysis Generated
May 11, 2026 - 20:15 vuln.today
CVSS changed
May 11, 2026 - 18:07 NVD
5.5 (MEDIUM)
Patch available
May 01, 2026 - 16:33 EUVD
Patch released
May 01, 2026 - 15:24 nvd
Patch available
EUVD ID Assigned
May 01, 2026 - 15:00 euvd
EUVD-2026-26580
CVE Published
May 01, 2026 - 14:14 nvd
MEDIUM 5.5
CVE Published
May 01, 2026 - 14:14 nvd
N/A

DescriptionCVE.org

In the Linux kernel, the following vulnerability has been resolved:

drm/i915/dsi: Don't do DSC horizontal timing adjustments in command mode

Stop adjusting the horizontal timing values based on the compression ratio in command mode. Bspec seems to be telling us to do this only in video mode, and this is also how the Windows driver does things.

This should also fix a div-by-zero on some machines because the adjusted htotal ends up being so small that we end up with line_time_us==0 when trying to determine the vtotal value in command mode.

Note that this doesn't actually make the display on the Huawei Matebook E work, but at least the kernel no longer explodes when the driver loads.

(cherry picked from commit 0b475e91ecc2313207196c6d7fd5c53e1a878525)

AnalysisAI

Division-by-zero denial of service in Linux kernel's Intel i915 DRM driver when loading on certain machines with DSC (Display Stream Compression) enabled in command mode. The driver incorrectly applies horizontal timing adjustments based on compression ratio in command mode, causing line_time_us to become zero and triggering a kernel panic. Affects Linux kernel versions 5.6 and later; patch available via stable kernel releases.

Technical ContextAI

The vulnerability exists in the drm/i915/dsi (Intel integrated graphics Display Serial Interface) subsystem, specifically in DSC (Display Stream Compression) timing calculations for command mode displays. The root cause is CWE-369 (Divide by Zero): the driver calculates adjusted horizontal timing values using the compression ratio, which per the Intel GPU specification (Bspec) should only apply to video mode, not command mode. This causes the adjusted htotal to become excessively small, reducing line_time_us to zero. When the driver subsequently attempts to calculate vtotal (vertical total) in command mode using this zero line_time_us value, a division-by-zero occurs in kernel space, causing a panic. This affects Intel integrated graphics (i915) on machines like the Huawei Matebook E that use DSC with command mode DSI panels.

RemediationAI

Update Linux kernel to a patched stable release: 6.18.22, 6.19.12, 6.12.81, or 7.0+ as appropriate for your distribution and hardware support cycle. The upstream fix (commit 0b475e91ecc2313207196c6d7fd5c53e1a878525) removes the erroneous DSC compression ratio adjustment in command mode, aligning i915 driver behavior with Bspec and Windows driver implementations. Patch references available at https://git.kernel.org/stable/c/55efe8402f46af8399c8b634a18b130a05fd7820 and related commits. If immediate kernel upgrade is not feasible, the workaround is to disable the i915 driver by adding 'i915.disable_display=1' to kernel boot parameters, though this disables all graphics output; alternatively, blacklist the i915 module if using discrete graphics or headless deployment. Note that the patch does not resolve display functionality on affected Huawei hardware but prevents kernel panic during driver loading.

More in Huawei

View all
CVE-2014-9222 CRITICAL POC
10.0 Dec 24

AllegroSoft RomPager 4.34 and earlier, as used in Huawei Home Gateway products and other vendors and products, allows re

CVE-2013-4630 HIGH POC
7.6 Jun 20

Stack-based buffer overflow on Huawei AR 150, 200, 1200, 2200, and 3200 routers, when SNMPv3 debugging is enabled, allow

CVE-2016-2231 CRITICAL POC
9.8 Feb 15

The Windows-based Host Interface Program (WHIP) service on Huawei SmartAX MT882 devices V200R002B022 Arg relies on the c

CVE-2012-4960 MEDIUM POC
6.5 Jun 20

The Huawei NE5000E, MA5200G, NE40E, NE80E, ATN, NE40, NE80, NE20E-X6, NE20, ME60, CX600, CX200, CX300, ACU, WLAN AC 6605

CVE-2015-7254 MEDIUM POC
5.0 Nov 07

Directory traversal vulnerability on Huawei HG532e, HG532n, and HG532s devices allows remote attackers to read arbitrary

CVE-2020-37220 HIGH POC
8.7 May 13

Huawei HG630 V2 router contains an authentication bypass vulnerability that allows unauthenticated attackers to obtain a

CVE-2013-4631 HIGH POC
7.8 Jun 20

Huawei AR 150, 200, 1200, 2200, and 3200 routers, when SNMPv3 is enabled, allow remote attackers to cause a denial of se

CVE-2015-8088 HIGH POC
7.8 Jan 12

Heap-based buffer overflow in the HIFI driver in Huawei Mate 7 phones with software MT7-UL00 before MT7-UL00C17B354, MT7

CVE-2014-8358 HIGH POC
7.8 Dec 11

Huawei EC156, EC176, and EC177 USB Modem products with software before UTPS-V200R003B015D02SP07C1014 (23.015.02.07.1014)

CVE-2016-5821 HIGH POC
7.8 Jul 13

Huawei HiSuite before 4.0.4.204_ove (Out of China) and before 4.0.4.301 (China) use a weak ACL (FILE_WRITE_DATA for BUIL

CVE-2014-9223 CRITICAL
10.0 Dec 24

Multiple buffer overflows in AllegroSoft RomPager, as used in Huawei Home Gateway products and other vendors and product

CVE-2014-8359 HIGH POC
7.2 Nov 13

Untrusted search path vulnerability in Huawei Mobile Partner for Windows 23.009.05.03.1014 allows local users to execute

Vendor StatusVendor

SUSE

Severity: Medium
Product Status
SUSE Linux Enterprise Desktop 15 SP7 Fixed
SUSE Linux Enterprise Desktop 15 SP7 Fixed
SUSE Linux Enterprise High Availability Extension 15 SP7 Fixed
SUSE Linux Enterprise High Availability Extension 15 SP7 Fixed
SUSE Linux Enterprise High Performance Computing 15 SP7 Fixed

Share

EUVD-2026-26580 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy