In the Linux kernel, the following vulnerability has been resolved:
net/sched: actskbedit: fix divide-by-zero in tcfskbedit_hash()
Commit 38a6f0865796 ("net: sched: support hash selecting tx queue") added SKBEDITFTXQ_SKBHASH support. The inclusive range size is computed as:
mappingmod = queuemappingmax - queuemapping + 1;
The range size can be 65536 when the requested range covers all possible u16 queue IDs (e.g. queuemapping=0 and queuemappingmax=U16MAX). That value cannot be represented in a u16 and previously wrapped to 0, so tcfskbedithash() could trigger a divide-by-zero:
queuemapping += skbgethash(skb) % params->mappingmod;
Compute mappingmod in a wider type and reject ranges larger than U16MAX to prevent params->mapping_mod from becoming 0 and avoid the crash.
{
"cna_assigner": "Linux",
"osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/43xxx/CVE-2026-43238.json"
}