CVE-2026-31770 - Vulnerability Details

- hwmon: (occ) Fix division by zero in occ_show_power_1()

Description

In the Linux kernel, the following vulnerability has been resolved:

hwmon: (occ) Fix division by zero in occ_show_power_1()

In occ_show_power_1() case 1, the accumulator is divided by
update_tag without checking for zero. If no samples have been
collected yet (e.g. during early boot when the sensor block is
included but hasn't been updated), update_tag is zero, causing
a kernel divide-by-zero crash.

The 2019 fix in commit 211186cae14d ("hwmon: (occ) Fix division by
zero issue") only addressed occ_get_powr_avg() used by
occ_show_power_2() and occ_show_power_a0(). This separate code
path in occ_show_power_1() was missed.

Fix this by reusing the existing occ_get_powr_avg() helper, which
already handles the zero-sample case and uses mul_u64_u32_div()
to multiply before dividing for better precision. Move the helper
above occ_show_power_1() so it is visible at the call site.

[groeck: Fix alignment problems reported by checkpatch]

Published: 2026-05-01

Score: n/a

EPSS: < 1% Very Low

KEV: No

Impact:

Action:

Analysis

Impact

A division‑by‑zero bug exists in the occ_show_power_1 function of the Linux kernel hwmon subsystem. When the sensor has not yet collected any samples, a zero value is used as a divisor, which causes a kernel crash. This results in a denial‑of‑service by bringing the entire system down, rather than leaking sensitive data or providing code execution. The vulnerability is an instance of integer division by zero (CWE‑369).

Affected Systems

The issue affects all Linux kernels that include the hwmon occ driver, regardless of specific distribution, because the CPE string is generic for all Linux kernel versions. No particular vendor or patch level is listed in the CNA data.

Risk and Exploitability

Based on the description, it is inferred that the flaw is exploitable in a local context by any user who can read the /sys/class/hwmon power interface or cause the sensor to be queried before any data is collected. The EPSS score is not available, and the vulnerability is not listed in the CISA KEV catalog. The severity is high due to the kernel crash, but the likelihood of exploitation is limited to users with sufficient local access and the ability to trigger the sensor read during early boot or no‑sample states.

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

Linux

unaffected

Version	Status	Constraints
`c10e753d43ebd1d17e1c62bcee20c6124c2c7cca`	affected	< c7d3712362c8ab8f82f441b649d9e446e7b9aa9d
`c10e753d43ebd1d17e1c62bcee20c6124c2c7cca`	affected	< 53e6175756b8c474b6247bbcea0aad3d68357475
`c10e753d43ebd1d17e1c62bcee20c6124c2c7cca`	affected	< 2502684b9e835de9a992ec47c3e6c6faabe3858d
`c10e753d43ebd1d17e1c62bcee20c6124c2c7cca`	affected	< 37ae8fadc74ed68e5bc364ffd17746d88e449ae3
`c10e753d43ebd1d17e1c62bcee20c6124c2c7cca`	affected	< bbbefc48f6617cfb738dcff7f44beb50b5dfeb38
`c10e753d43ebd1d17e1c62bcee20c6124c2c7cca`	affected	< 243d55bd3f08cb15eee9d63f4716d4d4cdd760f5
`c10e753d43ebd1d17e1c62bcee20c6124c2c7cca`	affected	< 7b89ce0c98bf3015f493ca4285b2d1056cd8c733
`c10e753d43ebd1d17e1c62bcee20c6124c2c7cca`	affected	< 39e2a5bf970402a8530a319cf06122e216ba57b8

Linux

affected

Version	Status	Constraints
`5.0`	affected	—
`0`	unaffected	< 5.0
`5.10.253`	unaffected	≤ 5.10.*
`5.15.203`	unaffected	≤ 5.15.*
`6.1.168`	unaffected	≤ 6.1.*
`6.6.134`	unaffected	≤ 6.6.*
`6.12.81`	unaffected	≤ 6.12.*
`6.18.22`	unaffected	≤ 6.18.*
`6.19.12`	unaffected	≤ 6.19.*
`7.0`	unaffected	≤ *

No data.

Vendor Product Confidence Versions

Linux

Linux Kernel

99%

Version	Status	Scheme	Platform
`[c10e753d43ebd1d17e1c62bcee20c6124c2c7cca,c7d3712362c8ab8f82f441b649d9e446e7b9aa9d)`	affected	code_commit	—
`[c10e753d43ebd1d17e1c62bcee20c6124c2c7cca,53e6175756b8c474b6247bbcea0aad3d68357475)`	affected	code_commit	—
`[c10e753d43ebd1d17e1c62bcee20c6124c2c7cca,2502684b9e835de9a992ec47c3e6c6faabe3858d)`	affected	code_commit	—
`[c10e753d43ebd1d17e1c62bcee20c6124c2c7cca,37ae8fadc74ed68e5bc364ffd17746d88e449ae3)`	affected	code_commit	—
`[c10e753d43ebd1d17e1c62bcee20c6124c2c7cca,39e2a5bf970402a8530a319cf06122e216ba57b8)`	affected	code_commit	—
`[c10e753d43ebd1d17e1c62bcee20c6124c2c7cca,7b89ce0c98bf3015f493ca4285b2d1056cd8c733)`	affected	code_commit	—
`[c10e753d43ebd1d17e1c62bcee20c6124c2c7cca,bbbefc48f6617cfb738dcff7f44beb50b5dfeb38)`	affected	code_commit	—
`[c10e753d43ebd1d17e1c62bcee20c6124c2c7cca,243d55bd3f08cb15eee9d63f4716d4d4cdd760f5)`	affected	code_commit	—

Linux

Linux Kernel

99%

Version	Status	Scheme	Platform
`5.0`	affected	generic	—
`[0,5.0)`	unaffected	semver	—
`[5.10.253,5.11.0)`	unaffected	semver	—
`[5.15.203,5.16.0)`	unaffected	semver	—
`[6.1.168,6.2.0)`	unaffected	semver	—
`[6.6.134,6.7.0)`	unaffected	semver	—
`[6.12.81,6.13.0)`	unaffected	semver	—
`[6.18.22,6.19.0)`	unaffected	semver	—
`[6.19.12,6.20.0)`	unaffected	semver	—
`[7.0,*]`	unaffected	generic	—

Found an issue or want to improve our Enrichment? You can suggest it directly by opening an issue on our dedicated GitHub repository .

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

Upgrade to a kernel that incorporates the commit referenced in the advisory, which moves the helper function to avoid division by zero.
If an upgrade is not immediately possible, disable the occ hwmon module or block access to the /sys/class/hwmon path that triggers occ_show_power_1.
Continuously monitor kernel logs for oops or panic messages related to occ_show_power_1 and consider remediation if they appear.

Generated by OpenCVE AI on May 2, 2026 at 10:22 UTC.

Tracking

Sign in to view the affected projects.

Advisories

Source	ID	Title
Debian DLA	DLA-4561-1	linux-6.1 security update
Debian DSA	DSA-6243-1	linux security update

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00024.

Key SSVC decision points have not yet been added.

References

Link	Providers
https://git.kernel.org/stable/c/243d55bd3f08cb15eee9d63f4716d4d4cdd760f5
https://git.kernel.org/stable/c/2502684b9e835de9a992ec47c3e6c6faabe3858d
https://git.kernel.org/stable/c/37ae8fadc74ed68e5bc364ffd17746d88e449ae3
https://git.kernel.org/stable/c/39e2a5bf970402a8530a319cf06122e216ba57b8
https://git.kernel.org/stable/c/53e6175756b8c474b6247bbcea0aad3d68357475
https://git.kernel.org/stable/c/7b89ce0c98bf3015f493ca4285b2d1056cd8c733
https://git.kernel.org/stable/c/bbbefc48f6617cfb738dcff7f44beb50b5dfeb38
https://git.kernel.org/stable/c/c7d3712362c8ab8f82f441b649d9e446e7b9aa9d
https://lore.kernel.org/linux-cve-announce/2026050148-CVE-2026-31770-f142@gregkh/T
https://nvd.nist.gov/vuln/detail/CVE-2026-31770
https://www.cve.org/CVERecord?id=CVE-2026-31770

History

Sat, 02 May 2026 00:15:00 +0000

Type	Values Removed	Values Added
Weaknesses		CWE-369
References		https://lore.kernel.org/linux-cve-announce/2026050148-CVE-2026-31770-f142@gregkh/T https://nvd.nist.gov/vuln/detail/CVE-2026-31770 https://www.cve.org/CVERecord?id=CVE-2026-31770

Fri, 01 May 2026 14:45:00 +0000

Type	Values Removed	Values Added
Description		In the Linux kernel, the following vulnerability has been resolved: hwmon: (occ) Fix division by zero in occ_show_power_1() In occ_show_power_1() case 1, the accumulator is divided by update_tag without checking for zero. If no samples have been collected yet (e.g. during early boot when the sensor block is included but hasn't been updated), update_tag is zero, causing a kernel divide-by-zero crash. The 2019 fix in commit 211186cae14d ("hwmon: (occ) Fix division by zero issue") only addressed occ_get_powr_avg() used by occ_show_power_2() and occ_show_power_a0(). This separate code path in occ_show_power_1() was missed. Fix this by reusing the existing occ_get_powr_avg() helper, which already handles the zero-sample case and uses mul_u64_u32_div() to multiply before dividing for better precision. Move the helper above occ_show_power_1() so it is visible at the call site. [groeck: Fix alignment problems reported by checkpatch]
Title		hwmon: (occ) Fix division by zero in occ_show_power_1()
First Time appeared		Linux Linux linux Kernel
CPEs		cpe:2.3:o:linux:linux_kernel::::::::
Vendors & Products		Linux Linux linux Kernel
References		https://git.kernel.org/stable/c/243d55bd3f08cb15eee9d63f4716d4d4cdd760f5 https://git.kernel.org/stable/c/2502684b9e835de9a992ec47c3e6c6faabe3858d https://git.kernel.org/stable/c/37ae8fadc74ed68e5bc364ffd17746d88e449ae3 https://git.kernel.org/stable/c/39e2a5bf970402a8530a319cf06122e216ba57b8 https://git.kernel.org/stable/c/53e6175756b8c474b6247bbcea0aad3d68357475 https://git.kernel.org/stable/c/7b89ce0c98bf3015f493ca4285b2d1056cd8c733 https://git.kernel.org/stable/c/bbbefc48f6617cfb738dcff7f44beb50b5dfeb38 https://git.kernel.org/stable/c/c7d3712362c8ab8f82f441b649d9e446e7b9aa9d

Subscriptions

Linux Linux Kernel

MITRE

Status: PUBLISHED

Assigner: Linux

Published: 2026-05-01T14:14:59.256Z

Updated: 2026-05-01T14:14:59.256Z

Reserved: 2026-03-09T15:48:24.140Z

Link: CVE-2026-31770

Vulnrichment

No data.

NVD

Status : Awaiting Analysis

Published: 2026-05-01T15:16:40.200

Modified: 2026-05-01T15:24:14.893

Link: CVE-2026-31770

Redhat

Severity :

Publid Date: 2026-05-01T00:00:00Z

Links: CVE-2026-31770 - Bugzilla

OpenCVE Enrichment

Updated: 2026-05-02T10:30:40Z

Weaknesses

CWE-369

Impact

Affected Systems

Risk and Exploitability

Tracking

Subscriptions

JSON object

JSON object

JSON object

JSON object

JSON object