CVE-2026-31770
- Source
- https://cve.org/CVERecord?id=CVE-2026-31770
- Import Source
- https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2026-31770.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/CVE-2026-31770
- Downstream
- Published
- 2026-05-01T14:14:59.256Z
- Modified
- 2026-05-18T05:59:54.391449694Z
- Summary
- hwmon: (occ) Fix division by zero in occ_show_power_1()
- Details
-
In the Linux kernel, the following vulnerability has been resolved:
hwmon: (occ) Fix division by zero in occshowpower_1()
In occshowpower1() case 1, the accumulator is divided by updatetag without checking for zero. If no samples have been collected yet (e.g. during early boot when the sensor block is included but hasn't been updated), update_tag is zero, causing a kernel divide-by-zero crash.
The 2019 fix in commit 211186cae14d ("hwmon: (occ) Fix division by zero issue") only addressed occgetpowravg() used by occshowpower2() and occshowpowera0(). This separate code path in occshowpower1() was missed.
Fix this by reusing the existing occgetpowravg() helper, which already handles the zero-sample case and uses mulu64u32div() to multiply before dividing for better precision. Move the helper above occshowpower_1() so it is visible at the call site.
[groeck: Fix alignment problems reported by checkpatch]
- Database specific
{ "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/31xxx/CVE-2026-31770.json", "cna_assigner": "Linux" }- References
-
- https://git.kernel.org/stable/c/243d55bd3f08cb15eee9d63f4716d4d4cdd760f5
- https://git.kernel.org/stable/c/2502684b9e835de9a992ec47c3e6c6faabe3858d
- https://git.kernel.org/stable/c/37ae8fadc74ed68e5bc364ffd17746d88e449ae3
- https://git.kernel.org/stable/c/39e2a5bf970402a8530a319cf06122e216ba57b8
- https://git.kernel.org/stable/c/53e6175756b8c474b6247bbcea0aad3d68357475
- https://git.kernel.org/stable/c/7b89ce0c98bf3015f493ca4285b2d1056cd8c733
- https://git.kernel.org/stable/c/bbbefc48f6617cfb738dcff7f44beb50b5dfeb38
- https://git.kernel.org/stable/c/c7d3712362c8ab8f82f441b649d9e446e7b9aa9d
- https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/31xxx/CVE-2026-31770.json
- https://nvd.nist.gov/vuln/detail/CVE-2026-31770
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Affected packages
Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Affected ranges
- Type
- GIT
- Repo
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- Events
-
Introducedc10e753d43ebd1d17e1c62bcee20c6124c2c7ccaFixedc7d3712362c8ab8f82f441b649d9e446e7b9aa9dFixed53e6175756b8c474b6247bbcea0aad3d68357475Fixed2502684b9e835de9a992ec47c3e6c6faabe3858dFixed37ae8fadc74ed68e5bc364ffd17746d88e449ae3Fixedbbbefc48f6617cfb738dcff7f44beb50b5dfeb38Fixed243d55bd3f08cb15eee9d63f4716d4d4cdd760f5Fixed7b89ce0c98bf3015f493ca4285b2d1056cd8c733Fixed39e2a5bf970402a8530a319cf06122e216ba57b8
Linux / Kernel
Package
- Name
- Kernel
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced5.0.0Fixed5.10.253
- Type
- ECOSYSTEM
- Events
-
Introduced5.11.0Fixed5.15.203
- Type
- ECOSYSTEM
- Events
-
Introduced5.16.0Fixed6.1.168
- Type
- ECOSYSTEM
- Events
-
Introduced6.2.0Fixed6.6.134
- Type
- ECOSYSTEM
- Events
-
Introduced6.7.0Fixed6.12.81
- Type
- ECOSYSTEM
- Events
-
Introduced6.13.0Fixed6.18.22
- Type
- ECOSYSTEM
- Events
-
Introduced6.19.0Fixed6.19.12