Division by zero in Linux kernel - CVE-2026-31770
Published: May 2, 2026
Vulnerability identifier: #VU128920
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2026-31770
CWE-ID: CWE-369
Exploitation vector: Local access
Exploit availability:
No public exploit available
Vendor: Linux Foundation
Affected software:
Linux kernel
Linux kernel
Detailed vulnerability description
The vulnerability allows a local user to cause a denial of service.
The vulnerability exists due to division by zero in occ_show_power_1() when reading power sensor data before any samples have been collected. A local user can trigger access to the affected sensor path to cause a denial of service.
This can occur during early boot when the sensor block is present but has not yet been updated.
How to mitigate CVE-2026-31770
Install security update from vendor's repository.
Sources
- https://git.kernel.org/stable/c/243d55bd3f08cb15eee9d63f4716d4d4cdd760f5
- https://git.kernel.org/stable/c/2502684b9e835de9a992ec47c3e6c6faabe3858d
- https://git.kernel.org/stable/c/37ae8fadc74ed68e5bc364ffd17746d88e449ae3
- https://git.kernel.org/stable/c/39e2a5bf970402a8530a319cf06122e216ba57b8
- https://git.kernel.org/stable/c/53e6175756b8c474b6247bbcea0aad3d68357475
- https://git.kernel.org/stable/c/7b89ce0c98bf3015f493ca4285b2d1056cd8c733
- https://git.kernel.org/stable/c/bbbefc48f6617cfb738dcff7f44beb50b5dfeb38
- https://git.kernel.org/stable/c/c7d3712362c8ab8f82f441b649d9e446e7b9aa9d