{"dataType":"CVE_RECORD","dataVersion":"5.2","cveMetadata":{"cveId":"CVE-2026-31423","assignerOrgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","state":"PUBLISHED","assignerShortName":"Linux","dateReserved":"2026-03-09T15:48:24.088Z","datePublished":"2026-04-13T13:40:26.567Z","dateUpdated":"2026-05-11T22:08:25.251Z"},"containers":{"cna":{"providerMetadata":{"orgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","shortName":"Linux","dateUpdated":"2026-05-11T22:08:25.251Z"},"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nnet/sched: sch_hfsc: fix divide-by-zero in rtsc_min()\n\nm2sm() converts a u32 slope to a u64 scaled value.  For large inputs\n(e.g. m1=4000000000), the result can reach 2^32.  rtsc_min() stores\nthe difference of two such u64 values in a u32 variable `dsm` and\nuses it as a divisor.  When the difference is exactly 2^32 the\ntruncation yields zero, causing a divide-by-zero oops in the\nconcave-curve intersection path:\n\n  Oops: divide error: 0000\n  RIP: 0010:rtsc_min (net/sched/sch_hfsc.c:601)\n  Call Trace:\n   init_ed (net/sched/sch_hfsc.c:629)\n   hfsc_enqueue (net/sched/sch_hfsc.c:1569)\n   [...]\n\nWiden `dsm` to u64 and replace do_div() with div64_u64() so the full\ndifference is preserved."}],"affected":[{"product":"Linux","vendor":"Linux","defaultStatus":"unaffected","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","programFiles":["net/sched/sch_hfsc.c"],"versions":[{"version":"1da177e4c3f41524e886b7f1b8a0c1fc7321cac2","lessThan":"ad8e8fec40290a8c8cf145c0deaadf76f80c5163","status":"affected","versionType":"git"},{"version":"1da177e4c3f41524e886b7f1b8a0c1fc7321cac2","lessThan":"ab1ff5890c7354afc7be56502fcfbd61f3b7ae4f","status":"affected","versionType":"git"},{"version":"1da177e4c3f41524e886b7f1b8a0c1fc7321cac2","lessThan":"25b6821884713a31e2b49fb67b0ebd765b33e0a9","status":"affected","versionType":"git"},{"version":"1da177e4c3f41524e886b7f1b8a0c1fc7321cac2","lessThan":"c56f78614e7781aaceca9bd3cb2128bf7d45c3bd","status":"affected","versionType":"git"},{"version":"1da177e4c3f41524e886b7f1b8a0c1fc7321cac2","lessThan":"b9e6431cbea8bb1fae8069ed099b4ee100499835","status":"affected","versionType":"git"},{"version":"1da177e4c3f41524e886b7f1b8a0c1fc7321cac2","lessThan":"17c1b9807b8a67d676b6dcf749ee932ebaa7f568","status":"affected","versionType":"git"},{"version":"1da177e4c3f41524e886b7f1b8a0c1fc7321cac2","lessThan":"d0aefec1b1a1ba2c1d251028dc2c4e5b4ce1fea5","status":"affected","versionType":"git"},{"version":"1da177e4c3f41524e886b7f1b8a0c1fc7321cac2","lessThan":"4576100b8cd03118267513cafacde164b498b322","status":"affected","versionType":"git"}]},{"product":"Linux","vendor":"Linux","defaultStatus":"affected","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","programFiles":["net/sched/sch_hfsc.c"],"versions":[{"version":"2.6.12","status":"affected"},{"version":"0","lessThan":"2.6.12","status":"unaffected","versionType":"semver"},{"version":"5.10.253","lessThanOrEqual":"5.10.*","status":"unaffected","versionType":"semver"},{"version":"5.15.203","lessThanOrEqual":"5.15.*","status":"unaffected","versionType":"semver"},{"version":"6.1.168","lessThanOrEqual":"6.1.*","status":"unaffected","versionType":"semver"},{"version":"6.6.134","lessThanOrEqual":"6.6.*","status":"unaffected","versionType":"semver"},{"version":"6.12.81","lessThanOrEqual":"6.12.*","status":"unaffected","versionType":"semver"},{"version":"6.18.22","lessThanOrEqual":"6.18.*","status":"unaffected","versionType":"semver"},{"version":"6.19.12","lessThanOrEqual":"6.19.*","status":"unaffected","versionType":"semver"},{"version":"7.0","lessThanOrEqual":"*","status":"unaffected","versionType":"original_commit_for_fix"}]}],"cpeApplicability":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"2.6.12","versionEndExcluding":"5.10.253"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"2.6.12","versionEndExcluding":"5.15.203"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"2.6.12","versionEndExcluding":"6.1.168"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"2.6.12","versionEndExcluding":"6.6.134"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"2.6.12","versionEndExcluding":"6.12.81"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"2.6.12","versionEndExcluding":"6.18.22"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"2.6.12","versionEndExcluding":"6.19.12"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"2.6.12","versionEndExcluding":"7.0"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/ad8e8fec40290a8c8cf145c0deaadf76f80c5163"},{"url":"https://git.kernel.org/stable/c/ab1ff5890c7354afc7be56502fcfbd61f3b7ae4f"},{"url":"https://git.kernel.org/stable/c/25b6821884713a31e2b49fb67b0ebd765b33e0a9"},{"url":"https://git.kernel.org/stable/c/c56f78614e7781aaceca9bd3cb2128bf7d45c3bd"},{"url":"https://git.kernel.org/stable/c/b9e6431cbea8bb1fae8069ed099b4ee100499835"},{"url":"https://git.kernel.org/stable/c/17c1b9807b8a67d676b6dcf749ee932ebaa7f568"},{"url":"https://git.kernel.org/stable/c/d0aefec1b1a1ba2c1d251028dc2c4e5b4ce1fea5"},{"url":"https://git.kernel.org/stable/c/4576100b8cd03118267513cafacde164b498b322"}],"title":"net/sched: sch_hfsc: fix divide-by-zero in rtsc_min()","x_generator":{"engine":"bippy-1.2.0"}}}}