CVE-2026-31603

Description

In the Linux kernel, the following vulnerability has been resolved: staging: sm750fb: fix division by zero in ps_to_hz() ps_to_hz() is called from hw_sm750_crtc_set_mode() without validating that pixclock is non-zero. A zero pixclock passed via FBIOPUT_VSCREENINFO causes a division by zero. Fix by rejecting zero pixclock in lynxfb_ops_check_var(), consistent with other framebuffer drivers.

CVSS v3.1 Score

5.5

MEDIUM

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

EPSS — Exploit Prediction

0.0001

Probability of exploitation

0.02%

Percentile rank

EPSS estimates the probability that this vulnerability will be exploited in the wild within the next 30 days. A higher score means more likely to be exploited.

Weakness Type (CWE)

CWE-369 CWE-369

Affected Products

Vendor	Product	Versions
linux	linux_kernel	4.1 — 6.6.136
linux	linux_kernel	6.7 — 6.12.83
linux	linux_kernel	6.13 — 6.18.24
linux	linux_kernel	6.19 — 6.19.14
linux	linux_kernel	7.0 — 7.0.1

References

Advisories & Patches

https://git.kernel.org/stable/c/1412ba36597a82e928f20047f41d6c6582dafe8a https://git.kernel.org/stable/c/2f640c6043aeab31a2f607d7605271860c3b11df https://git.kernel.org/stable/c/6144895a4335a2491c282931f1f2fa610b86339f https://git.kernel.org/stable/c/75a1621e4f91310673c9acbcbb25c2a7ff821cd3 https://git.kernel.org/stable/c/779412e0e391fd4a0d12e1d1adaa7bf043de62d7 https://git.kernel.org/stable/c/daf6733bd7c4c5015b431739ac29b0e29021096b

Frequently Asked Questions

What is CVE-2026-31603? +

In the Linux kernel, the following vulnerability has been resolved: staging: sm750fb: fix division by zero in ps_to_hz() ps_to_hz() is called from hw_sm750_crtc_set_mode() without validating that pixclock is non-zero. A zero pixclock passed via FBIOPUT_VSCREENINFO causes a division by zero. Fix by rejecting zero pixclock in lynxfb_ops_check_var(), consistent with other framebuffer drivers. It has a CVSS v3.1 base score of 5.5 (MEDIUM).

How severe is CVE-2026-31603? +

CVE-2026-31603 has a CVSS v3.1 score of 5.5 out of 10, rated MEDIUM. This is a medium-severity vulnerability that should be remediated as part of regular maintenance. The EPSS score is 0.0001, placing it in the 0th percentile for exploitation probability.

What products are affected by CVE-2026-31603? +

CVE-2026-31603 affects products from linux, specifically: linux_kernel. Check the affected products table above for specific version ranges.

How do I check if I'm vulnerable to CVE-2026-31603? +

You can use Secably's free Website Scanner to check your website for known vulnerabilities. For infrastructure scanning, use the Port Scanner to identify exposed services that may be affected. Check the vendor advisories linked above for specific patch and version information.

Related Vulnerabilities

CVE-2025-4637

Divide By Zero vulnerability in davisking dlib allows remote attackers to cause a denial of service via a crafted file. …

CVE-2025-54873

RISC Zero is a zero-knowledge verifiable general computing platform based on zk-STARKs and the RISC-V microarchitecture. RISC packages risc0-zkvm versions …

CVE-2024-26945 8.4

In the Linux kernel, the following vulnerability has been resolved: crypto: iaa - Fix nr_cpus < nr_iaa case If nr_cpus …

CVE-2024-4785 7.6

BT: Missing Check in LL_CONNECTION_UPDATE_IND Packet Leads to Division by Zero

CVE-2024-6135 7.6

BT:Classic: Multiple missing buf length checks

CVE-2026-33593 7.5

A client can trigger a divide by zero error leading to crash by sending a crafted DNSCrypt query.