CVE-2026-31423
Analyzed Analyzed - Analysis Complete
Divide-by-Zero Vulnerability in Linux Kernel HFSC Scheduler

Publication date: 2026-04-13

Last updated on: 2026-05-20

Assigner: kernel.org

Description
In the Linux kernel, the following vulnerability has been resolved: net/sched: sch_hfsc: fix divide-by-zero in rtsc_min() m2sm() converts a u32 slope to a u64 scaled value. For large inputs (e.g. m1=4000000000), the result can reach 2^32. rtsc_min() stores the difference of two such u64 values in a u32 variable `dsm` and uses it as a divisor. When the difference is exactly 2^32 the truncation yields zero, causing a divide-by-zero oops in the concave-curve intersection path: Oops: divide error: 0000 RIP: 0010:rtsc_min (net/sched/sch_hfsc.c:601) Call Trace: init_ed (net/sched/sch_hfsc.c:629) hfsc_enqueue (net/sched/sch_hfsc.c:1569) [...] Widen `dsm` to u64 and replace do_div() with div64_u64() so the full difference is preserved.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-04-13
Last Modified
2026-05-20
Generated
2026-06-16
AI Q&A
2026-04-13
EPSS Evaluated
2026-06-15
NVD
CVE-2026-31423
EUVD
EUVD-2026-21947
Affected Vendors & Products
Showing 18 associated CPEs
Vendor Product Version / Range
linux linux_kernel 2.6.12
linux linux_kernel 2.6.12
linux linux_kernel 2.6.12
linux linux_kernel 2.6.12
linux linux_kernel 2.6.12
linux linux_kernel 7.0
linux linux_kernel 7.0
linux linux_kernel 7.0
linux linux_kernel 7.0
linux linux_kernel 7.0
linux linux_kernel 7.0
linux linux_kernel From 5.11 (inc) to 5.15.203 (exc)
linux linux_kernel From 6.13 (inc) to 6.18.22 (exc)
linux linux_kernel From 5.16 (inc) to 6.1.168 (exc)
linux linux_kernel From 6.19 (inc) to 6.19.12 (exc)
linux linux_kernel From 6.7 (inc) to 6.12.81 (exc)
linux linux_kernel From 6.2 (inc) to 6.6.134 (exc)
linux linux_kernel From 2.6.12.1 (inc) to 5.10.253 (exc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-369 The product divides a value by zero.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Detection Guidance

This vulnerability causes a divide-by-zero kernel oops in the Linux kernel's HFSC scheduler code path. Detection would typically involve monitoring for kernel oops or crash messages related to the HFSC scheduler, specifically messages mentioning "Oops: divide error" and the function "rtsc_min" in net/sched/sch_hfsc.c.

You can check your system logs (e.g., using dmesg or journalctl) for such kernel oops messages:

  • dmesg | grep -i 'Oops: divide error'
  • journalctl -k | grep -i 'rtsc_min'

Additionally, monitoring for crashes or instability when using the HFSC queuing discipline in network traffic control (tc) may indicate the presence of this issue.

Executive Summary

This vulnerability exists in the Linux kernel's network scheduler component, specifically in the sch_hfsc module. It involves a divide-by-zero error in the function rtsc_min().

The issue arises because a 64-bit difference value is stored in a 32-bit variable, causing truncation. When the difference equals 2^32, the truncated value becomes zero, which is then used as a divisor, leading to a divide-by-zero error and a kernel crash (oops).

The fix involves widening the variable to 64 bits and using a 64-bit division function to prevent truncation and the resulting divide-by-zero.

Impact Analysis

This vulnerability can cause the Linux kernel to crash due to a divide-by-zero error in the network scheduler. Such a crash can lead to denial of service (DoS) conditions, disrupting network traffic management and potentially affecting system stability and availability.

Mitigation Strategies

The vulnerability is fixed by widening the variable used as a divisor and replacing the division function to prevent divide-by-zero errors in the HFSC scheduler code.

Immediate mitigation steps include:

  • Update your Linux kernel to a version that includes the fix for this vulnerability.
  • If updating immediately is not possible, avoid using the HFSC queuing discipline (sch_hfsc) in your network traffic control configurations to prevent triggering the vulnerable code path.
  • Monitor system logs for any kernel oops related to this issue and plan for a kernel upgrade as soon as possible.
Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-31423. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart