DEBIAN-CVE-2026-31423

DEBIAN-CVE-2026-31423 PUBLISHED

In the Linux kernel, the following vulnerability has been resolved: net/sched: sch_hfsc: fix divide-by-zero in rtsc_min() m2sm() converts a u32 slope to a u64 scaled value. For large inputs (e.g. m1=4000000000), the result can reach 2^32. rtsc_min() stores the difference of two such u64 values in a u32 variable `dsm` and uses it as a divisor. When the difference is exactly 2^32 the truncation yields zero, causing a divide-by-zero oops in the concave-curve intersection path: Oops: divide error: 0000 RIP: 0010:rtsc_min (net/sched/sch_hfsc.c:601) Call Trace: init_ed (net/sched/sch_hfsc.c:629) hfsc_enqueue (net/sched/sch_hfsc.c:1569) [...] Widen `dsm` to u64 and replace do_div() with div64_u64() so the full difference is preserved.

Affected Products

Vendor	Product	Versions
Debian:14	linux	6.12.43-1, 6.19, 6.19
Debian:11	linux-6.1	6.1.164-1, 0, 6.1.106-3
Debian:13	linux	6.12.63-1, 0, 6.12.38-1
Debian:12	linux	, 0,
Debian:11	linux	6.1.159-1, 6.1.162-1, 6.1.164-1

Timeline

Apr 13, 2026 CVE Published
May 2, 2026 CVE Updated

References

https://security-tracker.debian.org/tracker/CVE-2026-31423 advisory

Open in Interactive Console →