Description
In the Linux kernel, the following vulnerability has been resolved:

fbdev: tdfxfb: avoid divide-by-zero on FBIOPUT_VSCREENINFO

Much like commit 19f953e74356 ("fbdev: fb_pm2fb: Avoid potential divide
by zero error"), we also need to prevent that same crash from happening
in the udlfb driver as it uses pixclock directly when dividing, which
will crash.
Published: 2026-04-24
Score: 5.5 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Denial of Service (kernel crash)
Action: Apply Patch
AI Analysis

Impact

This vulnerability stems from a divide‑by‑zero error in the Linux kernel’s tdfxfb framebuffer driver when the FBIOPUT_VSCREENINFO ioctl is called. The flaw triggers a kernel crash, forcing a reboot or halt, and is classified as CWE‑369.

Affected Systems

The flaw exists in the Linux kernel’s fbdev subsystem, specifically the tdfxfb driver. It is present in any kernel that ships the tdfxfb driver and accepts the FBIOPUT_VSCREENINFO ioctl. No exact version range is provided, so all kernels containing that driver are considered affected until patched.

Risk and Exploitability

The EPSS score of < 1 % indicates a very low likelihood of exploitation, and the vulnerability is not listed in the CISA KEV catalog. The CVSS score of 5.5 suggests a medium severity: an attacker who can send the offending ioctl, which requires local or privileged access, can force a system crash and thus cause a denial of service. The attack vector is inferred from the need to invoke the vulnerable ioctl on the framebuffer device.

Generated by OpenCVE AI on April 28, 2026 at 20:10 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update the kernel to a version that includes the commit fixing the divide‑by‑zero fault in tdfxfb.
  • If an immediate kernel upgrade is not possible, recompile the kernel with the tdfxfb module disabled or configure the system to deny users access to the /dev/fb* devices, thereby preventing the vulnerable ioctl from being invoked.
  • Additionally, enforce strict file‑system permissions on the framebuffer devices so that only trusted, privileged users can perform ioctl operations; consider using SELinux or AppArmor to restrict framebuffer access further.

Advisories
Source: Debian DSA
ID: DSA-6238-1
Title: linux security update

History

Tue, 28 Apr 2026 14:15:00 +0000

Type Values Removed Values Added
CPEs:
  cpe:2.3:o:linux:linux_kernel:2.6.12:-:*:*:*:*:*:*
  cpe:2.3:o:linux:linux_kernel:2.6.12:rc2:*:*:*:*:*:*
  cpe:2.3:o:linux:linux_kernel:2.6.12:rc3:*:*:*:*:*:*
  cpe:2.3:o:linux:linux_kernel:2.6.12:rc4:*:*:*:*:*:*
  cpe:2.3:o:linux:linux_kernel:2.6.12:rc5:*:*:*:*:*:*
Metrics:
  cvssV3_1: {'score': 5.5, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H'}


Mon, 27 Apr 2026 14:15:00 +0000


Mon, 27 Apr 2026 11:30:00 +0000


Sat, 25 Apr 2026 00:15:00 +0000


Fri, 24 Apr 2026 15:00:00 +0000

Type Values Removed Values Added
Description: In the Linux kernel, the following vulnerability has been resolved: fbdev: tdfxfb: avoid divide-by-zero on FBIOPUT_VSCREENINFO Much like commit 19f953e74356 ("fbdev: fb_pm2fb: Avoid potential divide by zero error"), we also need to prevent that same crash from happening in the udlfb driver as it uses pixclock directly when dividing, which will crash.
Title: fbdev: tdfxfb: avoid divide-by-zero on FBIOPUT_VSCREENINFO
First Time appeared:
  Linux
  Linux linux Kernel
CPEs:
  cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Vendors & Products:
  Linux
  Linux linux Kernel
MITRE

Status: PUBLISHED

Assigner: Linux

Published:

Updated: 2026-05-11T22:12:17.563Z

Reserved: 2026-03-09T15:48:24.123Z

Link: CVE-2026-31618

Vulnrichment

No data.

NVD

Status: Analyzed

Published: 2026-04-24T15:16:41.080

Modified: 2026-04-28T14:07:04.707

Link: CVE-2026-31618

Redhat

Severity:

Public Date: 2026-04-24T00:00:00Z

Links: CVE-2026-31618 - Bugzilla

OpenCVE Enrichment

Updated: 2026-04-28T20:15:26Z

Weaknesses