CVE-2026-31770

MEDIUM EPSS 2.4%
Published May 1, 20262mo ago · Modified Jun 17, 20262w ago
5.5 CVSS 3.1
Medium
Find Similar
Published May 1, 2026 2mo ago
Last Modified Jun 17, 2026 2w ago

Description

In the Linux kernel, the following vulnerability has been resolved: hwmon: (occ) Fix division by zero in occ_show_power_1() In occ_show_power_1() case 1, the accumulator is divided by update_tag without checking for zero. If no samples have been collected yet (e.g. during early boot when the sensor block is included but hasn't been updated), update_tag is zero, causing a kernel divide-by-zero crash. The 2019 fix in commit 211186cae14d ("hwmon: (occ) Fix division by zero issue") only addressed occ_get_powr_avg() used by occ_show_power_2() and occ_show_power_a0(). This separate code path in occ_show_power_1() was missed. Fix this by reusing the existing occ_get_powr_avg() helper, which already handles the zero-sample case and uses mul_u64_u32_div() to multiply before dividing for better precision. Move the helper above occ_show_power_1() so it is visible at the call site. [groeck: Fix alignment problems reported by checkpatch]

CVSS Details

Base Score
5.5
Exploitability
1.8
Impact
3.6
Vector string
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Attack Vector Local
Attack Complexity Low
Privileges Required Low
User Interaction None
Scope Unchanged
Confidentiality None
Integrity None
Availability High

Threat Intelligence

EPSS Exploit Probability
2.4% percentile
Exploit & Patch Status
No Known Exploit
Patch Available

Weaknesses 1

CWE-369

Affected Products 13

VendorProductVersionRange
linuxlinux_kernel*≥5.0  –  <5.10.253
linuxlinux_kernel*≥5.11  –  <5.15.203
linuxlinux_kernel*≥5.16  –  <6.1.168
linuxlinux_kernel*≥6.2  –  <6.6.134
linuxlinux_kernel*≥6.7  –  <6.12.81
linuxlinux_kernel*≥6.13  –  <6.18.22
linuxlinux_kernel*≥6.19  –  <6.19.12
linuxlinux_kernel7.0any
linuxlinux_kernel7.0any
linuxlinux_kernel7.0any
linuxlinux_kernel7.0any
linuxlinux_kernel7.0any
linuxlinux_kernel7.0any

References 8

  • git.kernel.org https://git.kernel.org/stable/c/243d55bd3f08cb15eee9d63f4716d4d4cdd760f5
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/2502684b9e835de9a992ec47c3e6c6faabe3858d
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/37ae8fadc74ed68e5bc364ffd17746d88e449ae3
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/39e2a5bf970402a8530a319cf06122e216ba57b8
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/53e6175756b8c474b6247bbcea0aad3d68357475
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/7b89ce0c98bf3015f493ca4285b2d1056cd8c733
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/bbbefc48f6617cfb738dcff7f44beb50b5dfeb38
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/c7d3712362c8ab8f82f441b649d9e446e7b9aa9d
    Patch

Remediation

  • git.kernel.org https://git.kernel.org/stable/c/243d55bd3f08cb15eee9d63f4716d4d4cdd760f5
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/2502684b9e835de9a992ec47c3e6c6faabe3858d
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/37ae8fadc74ed68e5bc364ffd17746d88e449ae3
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/39e2a5bf970402a8530a319cf06122e216ba57b8
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/53e6175756b8c474b6247bbcea0aad3d68357475
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/7b89ce0c98bf3015f493ca4285b2d1056cd8c733
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/bbbefc48f6617cfb738dcff7f44beb50b5dfeb38
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/c7d3712362c8ab8f82f441b649d9e446e7b9aa9d
    Patch