Description
In the Linux kernel, the following vulnerability has been resolved:

media: ccs: Avoid possible division by zero

Calculating maximum M for scaler configuration involves dividing by
MIN_X_OUTPUT_SIZE limit register's value. Albeit the value is presumably
non-zero, the driver was missing the check it in fact was. Fix this.
Published: 2026-05-06
Score: 5.5 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

A missing check in the Linux media ccs driver can cause a division by zero when calculating the maximum scaling factor, which in turn may trigger a kernel panic and lead to a denial of service for the affected system. The flaw stems from an arithmetic error caused by an unchecked MIN_X_OUTPUT_SIZE register value, and does not provide a direct remote code execution path.

Affected Systems

The vulnerability is present in the Linux kernel, specifically within the media subsystem's ccs scaler configuration. It applies to all kernel releases that include the vulnerable media driver prior to the patch, as identified by the vendor "Linux:Linux". No specific version numbers are listed in the CNA data, so all upstream kernels that compile this module are potentially affected.

Risk and Exploitability

The CVSS score is 5.5 and the EPSS score is <1%; the issue is not listed in CISA's KEV catalog. Exploitation would require local access to load or manipulate the media driver, likely with elevated privileges. With no publicly identified remote attack vector, the risk is primarily a local denial of service with a low to moderate likelihood of exploitation under normal operating conditions.

Generated by OpenCVE AI on May 11, 2026 at 23:15 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update the Linux kernel to a version that includes the patched media ccs driver
  • If an immediate kernel upgrade is not possible, rebuild the kernel from source and apply the commit that adds the missing check to the ccs driver before installing the updated module
  • As a temporary workaround, disable or blacklist the media ccs module until an updated kernel is available

Advisories

No advisories yet.

History

Mon, 11 May 2026 21:00:00 +0000

Type | Values Removed | Values Added
Metrics | | cvssV3_1 {'score': 5.5, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H'}


Thu, 07 May 2026 00:15:00 +0000


Wed, 06 May 2026 16:00:00 +0000

Type | Values Removed | Values Added
Weaknesses | | CWE-369

Wed, 06 May 2026 12:15:00 +0000

Type | Values Removed | Values Added
Description | | In the Linux kernel, the following vulnerability has been resolved: media: ccs: Avoid possible division by zero Calculating maximum M for scaler configuration involves dividing by MIN_X_OUTPUT_SIZE limit register's value. Albeit the value is presumably non-zero, the driver was missing the check it in fact was. Fix this.
Title | | media: ccs: Avoid possible division by zero
First Time appeared | | Linux; Linux linux Kernel
CPEs | | cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Vendors & Products | | Linux; Linux linux Kernel
References | |

MITRE

Status: PUBLISHED

Assigner: Linux

Published:

Updated: 2026-05-11T22:19:25.995Z

Reserved: 2026-05-01T14:12:55.991Z

Link: CVE-2026-43182

Vulnrichment

No data.

NVD

Status: Analyzed

Published: 2026-05-06T12:16:36.787

Modified: 2026-05-11T20:53:18.160

Link: CVE-2026-43182

Redhat

Severity:

Public Date: 2026-05-06T00:00:00Z

Links: CVE-2026-43182 - Bugzilla

OpenCVE Enrichment

Updated: 2026-05-11T23:30:02Z

Weaknesses