CVE & CISA-KEV Catalog

CVE-2026-31770

MEDIUM
5.5
CVSS v3
NVD

Description

In the Linux kernel, the following vulnerability has been resolved: hwmon: (occ) Fix division by zero in occ_show_power_1() In occ_show_power_1() case 1, the accumulator is divided by update_tag without checking for zero. If no samples have been collected yet (e.g. during early boot when the sensor block is included but hasn't been updated), update_tag is zero, causing a kernel divide-by-zero crash. The 2019 fix in commit 211186cae14d ("hwmon: (occ) Fix division by zero issue") only addressed occ_get_powr_avg() used by occ_show_power_2() and occ_show_power_a0(). This separate code path in occ_show_power_1() was missed. Fix this by reusing the existing occ_get_powr_avg() helper, which already handles the zero-sample case and uses mul_u64_u32_div() to multiply before dividing for better precision. Move the helper above occ_show_power_1() so it is visible at the call site. [groeck: Fix alignment problems reported by checkpatch]

How to fix

Remediation Available
linuxDebian
Fixed in:5.10.257-1CVE-2026-31770
Fixed in:6.1.170-1CVE-2026-31770
Fixed in:6.12.85-1CVE-2026-31770
Fixed in:6.19.12-1CVE-2026-31770

Remediation is compiled from vendor and distribution security advisories. Always confirm against the linked source for your exact version and platform.

CVSS v3 Vector

Exploitability

Attack VectorLocal
Attack ComplexityLow
Privileges RequiredLow
User InteractionNone
ScopeUnchanged

Impact

ConfidentialityNone
IntegrityNone
AvailabilityHigh

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Exploit Intelligence

0.12%probability of exploitation in 30 days
2ndpercentile

Low risk: more likely to be exploited than 2% of all known CVEs.

References

Embed a live status badge for CVE-2026-31770
CVE-2026-31770 severity badge

Markdown

[![CVE-2026-31770](https://tridentstack.com/cve/badge/CVE-2026-31770.svg)](https://tridentstack.com/cve/CVE-2026-31770)

HTML

<a href="https://tridentstack.com/cve/CVE-2026-31770"><img src="https://tridentstack.com/cve/badge/CVE-2026-31770.svg" alt="CVE-2026-31770"></a>

Find and fix vulnerabilities across your fleet

TridentStack Control continuously scans your Windows, macOS, and Linux fleet for known vulnerabilities, prioritizes them by severity and active exploitation, and patches them automatically.

Start free

This product uses NVD data but is not endorsed or certified by the NVD. EPSS scores courtesy of FIRST.org (https://www.first.org/epss). Source: CISA KEV Catalog. Data as of 2026-05-11.