HOMEVULNERABILITIESCVE-2026-31770
NONE

CVE-2026-31770

Published: May 1, 2026· Updated: May 1, 2026

EPSS:0.02%probability of exploitation in 30 daysPercentile:6.8th

Official Description

In the Linux kernel, the following vulnerability has been resolved:

hwmon: (occ) Fix division by zero in occ_show_power_1()

In occ_show_power_1() case 1, the accumulator is divided by

update_tag without checking for zero. If no samples have been

collected yet (e.g. during early boot when the sensor block is

included but hasn't been updated), update_tag is zero, causing

a kernel divide-by-zero crash.

The 2019 fix in commit 211186cae14d ("hwmon: (occ) Fix division by

zero issue") only addressed occ_get_powr_avg() used by

occ_show_power_2() and occ_show_power_a0(). This separate code

path in occ_show_power_1() was missed.

Fix this by reusing the existing occ_get_powr_avg() helper, which

already handles the zero-sample case and uses mul_u64_u32_div()

to multiply before dividing for better precision. Move the helper

above occ_show_power_1() so it is visible at the call site.

[groeck: Fix alignment problems reported by checkpatch]

NVD Source

Technical Analysis

CVE-2026-31770 requires local access, meaning attackers must already have a foothold on the target system.

Exploitation requires some privileges, which limits the exposure to scenarios where an attacker has already gained initial access.

Affected Vendors & Products

Mentioned vendors (from description):
Linux
CPE data not yet available in NVD for this CVE.

Exploit & PoC Resources

NO KNOWN EXPLOITNo public exploit confirmed at this time
External links open in a new tab. Always verify in a controlled environment before use.

All References (8)

Quick Facts

CVE IDCVE-2026-31770
SeverityNONE
CISA KEVNo
EPSS (30d)0.02%
PublishedMay 1, 2026

Recommended Actions

  • Apply vendor patches immediately
  • Monitor CVE-2026-31770 in threat intel feeds
  • Review IDS/IPS signatures for exploitation attempts
Data sourced from NVD (NIST), CISA KEV, and EPSS (FIRST). Analysis generated by CTIWATCH.COM. CVE data is provided under the NVD usage policy.