CVE-2026-31423 - Vulnerability Details

In the Linux kernel, the following vulnerability has been resolved: net/sched: sch_hfsc: fix divide-by-zero in rtsc_min() m2sm() converts a u32 slope to a u64 scaled value. For large inputs (e.g. m1=4000000000), the result can reach 2^32. rtsc_min() stores the difference of two such u64 values in a u32 variable `dsm` and uses it as a divisor. When the difference is exactly 2^32 the truncation yields zero, causing a divide-by-zero oops in the concave-curve intersection path: Oops: divide error: 0000 RIP: 0010:rtsc_min (net/sched/sch_hfsc.c:601) Call Trace: init_ed (net/sched/sch_hfsc.c:629) hfsc_enqueue (net/sched/sch_hfsc.c:1569) [...] Widen `dsm` to u64 and replace do_div() with div64_u64() so the full difference is preserved.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

No EPSS score available.

Key SSVC decision points have not yet been added.

Vendors	Products
Linux	Linux Kernel

No data.

References

Link	Providers
https://git.kernel.org/stable/c/17c1b9807b8a67d676b6dcf749ee932ebaa7f568
https://git.kernel.org/stable/c/25b6821884713a31e2b49fb67b0ebd765b33e0a9
https://git.kernel.org/stable/c/4576100b8cd03118267513cafacde164b498b322
https://git.kernel.org/stable/c/b9e6431cbea8bb1fae8069ed099b4ee100499835
https://git.kernel.org/stable/c/c56f78614e7781aaceca9bd3cb2128bf7d45c3bd
https://git.kernel.org/stable/c/d0aefec1b1a1ba2c1d251028dc2c4e5b4ce1fea5

History

Mon, 13 Apr 2026 13:45:00 +0000

Type	Values Removed	Values Added
Description		In the Linux kernel, the following vulnerability has been resolved: net/sched: sch_hfsc: fix divide-by-zero in rtsc_min() m2sm() converts a u32 slope to a u64 scaled value. For large inputs (e.g. m1=4000000000), the result can reach 2^32. rtsc_min() stores the difference of two such u64 values in a u32 variable `dsm` and uses it as a divisor. When the difference is exactly 2^32 the truncation yields zero, causing a divide-by-zero oops in the concave-curve intersection path: Oops: divide error: 0000 RIP: 0010:rtsc_min (net/sched/sch_hfsc.c:601) Call Trace: init_ed (net/sched/sch_hfsc.c:629) hfsc_enqueue (net/sched/sch_hfsc.c:1569) [...] Widen `dsm` to u64 and replace do_div() with div64_u64() so the full difference is preserved.
Title		net/sched: sch_hfsc: fix divide-by-zero in rtsc_min()
First Time appeared		Linux Linux linux Kernel
CPEs		cpe:2.3:o:linux:linux_kernel::::::::
Vendors & Products		Linux Linux linux Kernel
References		https://git.kernel.org/stable/c/17c1b9807b8a67d676b6dcf749ee932ebaa7f568 https://git.kernel.org/stable/c/25b6821884713a31e2b49fb67b0ebd765b33e0a9 https://git.kernel.org/stable/c/4576100b8cd03118267513cafacde164b498b322 https://git.kernel.org/stable/c/b9e6431cbea8bb1fae8069ed099b4ee100499835 https://git.kernel.org/stable/c/c56f78614e7781aaceca9bd3cb2128bf7d45c3bd https://git.kernel.org/stable/c/d0aefec1b1a1ba2c1d251028dc2c4e5b4ce1fea5

MITRE

Status: PUBLISHED

Assigner: Linux

Published: 2026-04-13T13:40:26.567Z

Updated: 2026-04-13T13:40:26.567Z

Reserved: 2026-03-09T15:48:24.088Z

Link: CVE-2026-31423

Vulnrichment

No data.

NVD

Status : Received

Published: 2026-04-13T14:16:12.070

Modified: 2026-04-13T14:16:12.070

Link: CVE-2026-31423

Redhat

No data.

OpenCVE Enrichment

No data.

Metrics

Affected Vendors & Products

Metrics

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object

JSON object