CVE-2026-31423
Divide-by-Zero Vulnerability in Linux Kernel HFSC Scheduler

Publication date: 2026-04-13

Last updated on: 2026-04-18

Assigner: kernel.org

Description
In the Linux kernel, the following vulnerability has been resolved:

net/sched: sch_hfsc: fix divide-by-zero in rtsc_min()

m2sm() converts a u32 slope to a u64 scaled value. For large inputs (e.g. m1=4000000000), the result can reach 2^32. rtsc_min() stores the difference of two such u64 values in a u32 variable `dsm` and uses it as a divisor. When the difference is exactly 2^32 the truncation yields zero, causing a divide-by-zero oops in the concave-curve intersection path:

  Oops: divide error: 0000
  RIP: 0010:rtsc_min (net/sched/sch_hfsc.c:601)
  Call Trace:
   init_ed (net/sched/sch_hfsc.c:629)
   hfsc_enqueue (net/sched/sch_hfsc.c:1569)
   [...]

Widen `dsm` to u64 and replace do_div() with div64_u64() so the full difference is preserved.

Meta Information
Published: 2026-04-13
Last Modified: 2026-04-18
Generated: 2026-05-07
AI Q&A: 2026-04-13
EPSS Evaluated: 2026-05-05

Affected Vendors & Products
Showing 1 associated CPE
Vendor: linux
Product: linux_kernel
Version / Range: *

CWE ID: CWE-UNKNOWN

AI Powered Q&A
How can this vulnerability be detected on my network or system? Can you suggest some commands?

This vulnerability causes a divide-by-zero kernel oops in the Linux kernel's HFSC scheduler code path. Detection would typically involve monitoring for kernel oops or crash messages related to the HFSC scheduler, specifically messages mentioning "Oops: divide error" and the function "rtsc_min" in net/sched/sch_hfsc.c.

You can check your system logs (e.g., using dmesg or journalctl) for such kernel oops messages:

  • dmesg | grep -i 'Oops: divide error'
  • journalctl -k | grep -i 'rtsc_min'

Additionally, monitoring for crashes or instability when using the HFSC queuing discipline in network traffic control (tc) may indicate the presence of this issue.


Can you explain this vulnerability to me?

This vulnerability exists in the Linux kernel's network scheduler component, specifically in the sch_hfsc module. It involves a divide-by-zero error in the function rtsc_min().

The issue arises because a 64-bit difference value is stored in a 32-bit variable, causing truncation. When the difference equals 2^32, the truncated value becomes zero, which is then used as a divisor, leading to a divide-by-zero error and a kernel crash (oops).

The fix involves widening the variable to 64 bits and using a 64-bit division function to prevent truncation and the resulting divide-by-zero.
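
The truncation described above, as an added userspace model (not the kernel's code and not part of the original advisory). The scaling constants, the second slope of 0, the numerator, and the names div_narrow and div_wide are assumptions made for illustration; the zero checks stand in for the trap the kernel would take.

```c
#include <stdint.h>
#include <stdio.h>

/* Assumed scaling constants (upstream values, not shown on this page). */
#define PSCHED_SHIFT 6
#define SM_SHIFT (30 - PSCHED_SHIFT)
#define TICKS_PER_SEC (1000000000ULL >> PSCHED_SHIFT)

/* Userspace model of m2sm(): u32 slope -> u64 scaled slope, rounded up. */
static uint64_t m2sm(uint32_t m)
{
    return (((uint64_t)m << SM_SHIFT) + TICKS_PER_SEC - 1) / TICKS_PER_SEC;
}

/* Pre-fix shape: the u64 difference is narrowed to u32 before dividing.
 * Returns -1 where the kernel would hit the divide error. */
static int div_narrow(uint64_t dx, uint64_t sm_a, uint64_t sm_b, uint64_t *q)
{
    uint32_t dsm = (uint32_t)(sm_a - sm_b);   /* truncation happens here */
    if (dsm == 0)
        return -1;
    *q = dx / dsm;
    return 0;
}

/* Post-fix shape: the divisor keeps its full 64-bit width. */
static int div_wide(uint64_t dx, uint64_t sm_a, uint64_t sm_b, uint64_t *q)
{
    uint64_t dsm = sm_a - sm_b;
    if (dsm == 0)                             /* only for truly equal slopes */
        return -1;
    *q = dx / dsm;
    return 0;
}

int main(void)
{
    uint64_t sm_a = m2sm(4000000000u), sm_b = m2sm(0), q = 0;
    uint64_t dx = (uint64_t)1000 << SM_SHIFT; /* constructed numerator */
    int rc_narrow = div_narrow(dx, sm_a, sm_b, &q);
    int rc_wide = div_wide(dx, sm_a, sm_b, &q);

    printf("sm_a=%llu sm_b=%llu\n", (unsigned long long)sm_a, (unsigned long long)sm_b);
    printf("narrow rc=%d, wide rc=%d q=%llu\n", rc_narrow, rc_wide, (unsigned long long)q);
    return 0;
}
```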


How can this vulnerability impact me?

This vulnerability can cause the Linux kernel to crash due to a divide-by-zero error in the network scheduler. Such a crash can lead to denial of service (DoS) conditions, disrupting network traffic management and potentially affecting system stability and availability.


What immediate steps should I take to mitigate this vulnerability?

The vulnerability is fixed by widening the variable used as a divisor and replacing the division function to prevent divide-by-zero errors in the HFSC scheduler code.

Immediate mitigation steps include:

  • Update your Linux kernel to a version that includes the fix for this vulnerability.
  • If updating immediately is not possible, avoid using the HFSC queuing discipline (sch_hfsc) in your network traffic control configurations to prevent triggering the vulnerable code path.
  • Monitor system logs for any kernel oops related to this issue and plan for a kernel upgrade as soon as possible.
