CVE-2026-23266Linux vulnerability

9 documents8 sources
Severity
5.5MEDIUM
No vector
EPSS
0.0%
top 90.88%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
LinuxLinux Kernel
Timeline
PublishedMar 18

Description

In the Linux kernel, the following vulnerability has been resolved: fbdev: rivafb: fix divide error in nv3_arb() A userspace program can trigger the RIVA NV3 arbitration code by calling the FBIOPUT_VSCREENINFO ioctl on /dev/fb*. When doing so, the driver recomputes FIFO arbitration parameters in nv3_arb(), using state->mclk_khz (derived from the PRAMDAC MCLK PLL) as a divisor without validating it first. In a normal setup, state->mclk_khz is provided by the real hardware and is non-zero. Howe

Affected Packages3 packages

Linuxlinux/linux_kernel2.6.125.10.251+6
Debianlinux/linux_kernel< 5.10.251-1+3
CVEListV5linux/linux1da177e4c3f41524e886b7f1b8a0c1fc7321cac2ec5a58f4fd581875593ea92a65485e1906a53c0f+8

🔴Vulnerability Details

4
OSV
fbdev: rivafb: fix divide error in nv3_arb()2026-03-18
GHSA
GHSA-c589-8xvr-7cm3: In the Linux kernel, the following vulnerability has been resolved: fbdev: rivafb: fix divide error in nv3_arb() A userspace program can trigger the2026-03-18
CVEList
fbdev: rivafb: fix divide error in nv3_arb()2026-03-18
OSV
CVE-2026-23266: In the Linux kernel, the following vulnerability has been resolved: fbdev: rivafb: fix divide error in nv3_arb() A userspace program can trigger the R2026-03-18

📋Vendor Advisories

3
Red Hat
kernel: fbdev: rivafb: fix divide error in nv3_arb()2026-03-18
Microsoft
fbdev: rivafb: fix divide error in nv3_arb()2026-03-10
Debian
CVE-2026-23266: linux - In the Linux kernel, the following vulnerability has been resolved: fbdev: riva...2026

🕵️Threat Intelligence

1
Wiz
CVE-2026-23266 Impact, Exploitability, and Mitigation Steps | Wiz
CVE-2026-23266 — Linux vulnerability | cvebase