Description
In the Linux kernel, the following vulnerability has been resolved:

iio: proximity: hx9023s: Protect against division by zero in set_samp_freq

Avoid division by zero when sampling frequency is unspecified.
Published: 2026-05-08
Score: n/a
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The Linux kernel driver for the hx9023s proximity sensor contains a division‑by‑zero bug in the set_samp_freq function. If an unspecified sampling frequency is passed, the calculation causes a division by zero that triggers a kernel panic, leading to an immediate system reboot or stall and effectively denying service to the affected host. This weakness is classified as CWE‑369 and does not provide a privilege escalation or data exfiltration vector.

Affected Systems

All Linux kernel releases that include the hx9023s driver and predate the patch are affected. No exact version range is listed, so any system running a kernel that has not incorporated the commit that fixes the bug is potentially vulnerable. The driver is part of the core kernel source and is distributed with most mainstream Linux distributions.

Risk and Exploitability

The vulnerability exists in kernel code that is exercised through the hx9023s device interface, meaning an attacker would need to interact with the driver to trigger the faulty path. This interaction is likely local or requires privileged access, and the EPSS score is not available, so the probability of exploitation is uncertain. The vulnerability is not listed in the CISA KEV catalog, and no public exploit is known, but a kernel crash would result in a full denial of service to the impacted system.

Generated by OpenCVE AI on May 9, 2026 at 04:49 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade the Linux kernel to a version that includes the commit fixing CVE-2026-43354. The relevant commit can be found in the provided git references.
  • If an upgrade cannot be performed immediately, uninstall or blacklist the hx9023s kernel module and remove or restrict access to the device node so no user can trigger the faulty function call.
  • As a temporary measure, apply the patch directly from the kernel source or modify the set_samp_freq implementation to guard against unspecified frequencies before compiling the kernel.

Generated by OpenCVE AI on May 9, 2026 at 04:49 UTC.

Advisories

No advisories yet.

History

Sat, 09 May 2026 03:15:00 +0000

Type Values Removed Values Added
Weaknesses CWE-368

Sat, 09 May 2026 00:15:00 +0000


Fri, 08 May 2026 16:30:00 +0000

Type Values Removed Values Added
Weaknesses CWE-368

Fri, 08 May 2026 14:45:00 +0000

Type Values Removed Values Added
Description In the Linux kernel, the following vulnerability has been resolved: iio: proximity: hx9023s: Protect against division by zero in set_samp_freq Avoid division by zero when sampling frequency is unspecified.
Title iio: proximity: hx9023s: Protect against division by zero in set_samp_freq
First Time appeared Linux
Linux linux Kernel
CPEs cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Vendors & Products Linux
Linux linux Kernel
References

MITRE

Status: PUBLISHED

Assigner: Linux

Published:

Updated: 2026-05-08T14:21:10.949Z

Reserved: 2026-05-01T14:12:56.005Z

Link: CVE-2026-43354

Vulnrichment

No data.

NVD

Status : Received

Published: 2026-05-08T15:16:46.147

Modified: 2026-05-08T15:16:46.147

Link: CVE-2026-43354

Redhat

Severity :

Public Date: 2026-05-08T00:00:00Z

Links: CVE-2026-43354 - Bugzilla

OpenCVE Enrichment

Updated: 2026-05-09T05:00:10Z

Weaknesses