CVE-2026-31605 - Vulnerability Details

- fbdev: udlfb: avoid divide-by-zero on FBIOPUT_VSCREENINFO

Description

In the Linux kernel, the following vulnerability has been resolved:

fbdev: udlfb: avoid divide-by-zero on FBIOPUT_VSCREENINFO

Much like commit 19f953e74356 ("fbdev: fb_pm2fb: Avoid potential divide
by zero error"), we also need to prevent that same crash from happening
in the udlfb driver as it uses pixclock directly when dividing, which
will crash.

Published: 2026-04-24

Score: 5.5 Medium

EPSS: < 1% Very Low

KEV: No

Impact:

Action:

Analysis

Impact

The promoted vulnerability is a divide‑by‑zero error in the udlfb framebuffer driver that can be triggered via the FBIOPUT_VSCREENINFO ioctl. When the driver attempts to perform a division operation using pixclock without validating the divisor, a kernel crash occurs, causing the system to become unresponsive. The flaw does not provide direct escalation or data disclosure but results in an unstable system state and potential loss of uptime.

Affected Systems

All Linux kernel builds that include the udlfb framebuffer driver are impacted, regardless of distribution. Any machine that runs a kernel containing the udlfb code before the fix will expose the flaw. This includes generic desktop and server kernels that ship with the driver enabled.

Risk and Exploitability

The CVSS score of 5.5, combined with an EPSS score of < 1%, indicates a very low likelihood of exploitation in the wild. The flaw is not listed in CISA’s Known Exploited Vulnerabilities catalog. The attack vector is local: an entity that can open the framebuffer device and issue the FBIOPUT_VSCREENINFO ioctl can trigger the crash. Privileged users typically have access to the framebuffer; thus the risk is confined to systems where non‑root processes might be able to use the device, or where privilege escalation exists.

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

Linux

unaffected

Version	Status	Constraints
`59277b679f8b5ce594e367759256668eba652d0d`	affected	< 9981de9fb5ae0d3d6bc5ff5ca63350c2a3cdc564
`59277b679f8b5ce594e367759256668eba652d0d`	affected	< fd50ab7dd4ee5bbb4aebffa76ae18484b03a8ea5
`59277b679f8b5ce594e367759256668eba652d0d`	affected	< 828ce54b27de93bd9c67991bca5a2c76c76742de
`59277b679f8b5ce594e367759256668eba652d0d`	affected	< cce24f70090e0decb597b88bc52e8ef8efed6105
`59277b679f8b5ce594e367759256668eba652d0d`	affected	< 03797cdee38ef19c87785622d423aabaafb71c5f
`59277b679f8b5ce594e367759256668eba652d0d`	affected	< 6de048d78f3029744778b7a2891745f3ca7c209a
`59277b679f8b5ce594e367759256668eba652d0d`	affected	< cccbf9b7fdab48ce4feb69c24f7f928aa8e4e8b8
`59277b679f8b5ce594e367759256668eba652d0d`	affected	< afaaaa38579f1252bb42b145f6e88a955c4f73f3
`59277b679f8b5ce594e367759256668eba652d0d`	affected	< a31e4518bec70333a0a98f2946a12b53b45fe5b9

Linux

affected

Version	Status	Constraints
`2.6.34`	affected	—
`0`	unaffected	< 2.6.34
`5.10.258`	unaffected	≤ 5.10.*
`5.15.209`	unaffected	≤ 5.15.*
`6.1.175`	unaffected	≤ 6.1.*
`6.6.136`	unaffected	≤ 6.6.*
`6.12.83`	unaffected	≤ 6.12.*
`6.18.24`	unaffected	≤ 6.18.*
`6.19.14`	unaffected	≤ 6.19.*
`7.0.1`	unaffected	≤ 7.0.*
`7.1-rc1`	unaffected	≤ *

Configuration 1 [-]

OR	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::

No data.

Vendor Product Confidence Versions

Linux

Linux Kernel

99%

Version	Status	Scheme	Platform
`[59277b679f8b5ce594e367759256668eba652d0d,cce24f70090e0decb597b88bc52e8ef8efed6105)`	affected	code_commit	—
`[59277b679f8b5ce594e367759256668eba652d0d,03797cdee38ef19c87785622d423aabaafb71c5f)`	affected	code_commit	—
`[59277b679f8b5ce594e367759256668eba652d0d,6de048d78f3029744778b7a2891745f3ca7c209a)`	affected	code_commit	—
`[59277b679f8b5ce594e367759256668eba652d0d,cccbf9b7fdab48ce4feb69c24f7f928aa8e4e8b8)`	affected	code_commit	—
`[59277b679f8b5ce594e367759256668eba652d0d,afaaaa38579f1252bb42b145f6e88a955c4f73f3)`	affected	code_commit	—
`[59277b679f8b5ce594e367759256668eba652d0d,a31e4518bec70333a0a98f2946a12b53b45fe5b9)`	affected	code_commit	—

Linux

Linux Kernel

99%

Version	Status	Scheme	Platform
`2.6.34`	affected	semver	—
`[0,2.6.34)`	unaffected	semver	—
`[6.6.136,6.7.0)`	unaffected	semver	—
`[6.12.83,6.13.0)`	unaffected	semver	—
`[6.18.24,6.19.0)`	unaffected	semver	—
`[6.19.14,6.20.0)`	unaffected	semver	—
`[7.0.1,7.1.0)`	unaffected	semver	—
`[7.1-rc1,*]`	unaffected	semver	—

Found an issue or want to improve our Enrichment? You can suggest it directly by opening an issue on our dedicated GitHub repository .

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

Install a Linux kernel version that contains the fbdev/udlfb divide‑by‑zero fix.
If upgrading the kernel cannot be performed promptly, restrict access to framebuffer devices (/dev/fb*) by adjusting file permissions or disabling the udlfb driver in the kernel configuration, thereby preventing untrusted users from exercising the vulnerable ioctl.
Rebuild the kernel with the udlfb driver disabled if it is not required, eliminating the vulnerable code path.

Generated by OpenCVE AI on April 30, 2026 at 04:07 UTC.

Tracking

Sign in to view the affected projects.

Advisories

Source	ID	Title
Debian DSA	DSA-6238-1	linux security update

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00014.

Key SSVC decision points have not yet been added.

References

Link	Providers
https://git.kernel.org/stable/c/03797cdee38ef19c87785622d423aabaafb71c5f
https://git.kernel.org/stable/c/6de048d78f3029744778b7a2891745f3ca7c209a
https://git.kernel.org/stable/c/828ce54b27de93bd9c67991bca5a2c76c76742de
https://git.kernel.org/stable/c/9981de9fb5ae0d3d6bc5ff5ca63350c2a3cdc564
https://git.kernel.org/stable/c/a31e4518bec70333a0a98f2946a12b53b45fe5b9
https://git.kernel.org/stable/c/afaaaa38579f1252bb42b145f6e88a955c4f73f3
https://git.kernel.org/stable/c/cccbf9b7fdab48ce4feb69c24f7f928aa8e4e8b8
https://git.kernel.org/stable/c/cce24f70090e0decb597b88bc52e8ef8efed6105
https://git.kernel.org/stable/c/fd50ab7dd4ee5bbb4aebffa76ae18484b03a8ea5
https://lore.kernel.org/linux-cve-announce/2026042420-CVE-2026-31605-f29f@gregkh/T
https://nvd.nist.gov/vuln/detail/CVE-2026-31605
https://www.cve.org/CVERecord?id=CVE-2026-31605

History

Mon, 01 Jun 2026 17:00:00 +0000

Type	Values Removed	Values Added
References		https://git.kernel.org/stable/c/828ce54b27de93bd9c67991bca5a2c76c76742de https://git.kernel.org/stable/c/9981de9fb5ae0d3d6bc5ff5ca63350c2a3cdc564 https://git.kernel.org/stable/c/fd50ab7dd4ee5bbb4aebffa76ae18484b03a8ea5

Wed, 29 Apr 2026 19:45:00 +0000

Type	Values Removed	Values Added
Metrics		cvssV3_1 `{'score': 5.5, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H'}`

Mon, 27 Apr 2026 14:15:00 +0000

Type	Values Removed	Values Added
References		https://git.kernel.org/stable/c/cce24f70090e0decb597b88bc52e8ef8efed6105

Mon, 27 Apr 2026 11:30:00 +0000

Type	Values Removed	Values Added
References		https://git.kernel.org/stable/c/a31e4518bec70333a0a98f2946a12b53b45fe5b9

Sat, 25 Apr 2026 00:15:00 +0000

Type	Values Removed	Values Added
Weaknesses		CWE-369
References		https://lore.kernel.org/linux-cve-announce/2026042420-CVE-2026-31605-f29f@gregkh/T https://nvd.nist.gov/vuln/detail/CVE-2026-31605 https://www.cve.org/CVERecord?id=CVE-2026-31605

Fri, 24 Apr 2026 15:00:00 +0000

Type	Values Removed	Values Added
Description		In the Linux kernel, the following vulnerability has been resolved: fbdev: udlfb: avoid divide-by-zero on FBIOPUT_VSCREENINFO Much like commit 19f953e74356 ("fbdev: fb_pm2fb: Avoid potential divide by zero error"), we also need to prevent that same crash from happening in the udlfb driver as it uses pixclock directly when dividing, which will crash.
Title		fbdev: udlfb: avoid divide-by-zero on FBIOPUT_VSCREENINFO
First Time appeared		Linux Linux linux Kernel
CPEs		cpe:2.3:o:linux:linux_kernel::::::::
Vendors & Products		Linux Linux linux Kernel
References		https://git.kernel.org/stable/c/03797cdee38ef19c87785622d423aabaafb71c5f https://git.kernel.org/stable/c/6de048d78f3029744778b7a2891745f3ca7c209a https://git.kernel.org/stable/c/afaaaa38579f1252bb42b145f6e88a955c4f73f3 https://git.kernel.org/stable/c/cccbf9b7fdab48ce4feb69c24f7f928aa8e4e8b8

Subscriptions

Linux Linux Kernel

MITRE

Status: PUBLISHED

Assigner: Linux

Published: 2026-04-24T14:42:28.120Z

Updated: 2026-06-01T16:12:27.511Z

Reserved: 2026-03-09T15:48:24.122Z

Link: CVE-2026-31605

Vulnrichment

No data.

NVD

Status : Modified

Published: 2026-04-24T15:16:39.730

Modified: 2026-06-01T17:16:51.190

Link: CVE-2026-31605

Redhat

Severity :

Publid Date: 2026-04-24T00:00:00Z

Links: CVE-2026-31605 - Bugzilla

OpenCVE Enrichment

Updated: 2026-04-30T04:15:26Z

Weaknesses

CWE-369

Impact

Affected Systems

Risk and Exploitability

Tracking

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

Subscriptions

JSON object

JSON object

JSON object

JSON object

JSON object