What is CVE-2026-23266?

CVE-2026-23266 is a Medium severity Linux kernel vulnerability with a CVSS score of 5.5 out of 10, classified as a Divide By Zero flaw (CWE-369), affecting Linux kernel versions from 2.6.12 onward and patched in 5.10.251, 5.15.201, 6.1.164 and others. CVE-2026-23266 has not been confirmed as actively exploited and is not listed in the CISA KEV catalog.

What is the CVSS score for CVE-2026-23266?

CVE-2026-23266 has a CVSS score of 5.5 out of 10, rated Medium severity. The vector string is CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H.

Is there a patch available for CVE-2026-23266?

Yes, CVE-2026-23266 has been patched. Fixed versions include 5.10.251, 5.15.201, 6.1.164 and others. If you are running Linux kernel 2.6.12 or later up to the fix versions, apply the relevant patch for your kernel branch.

Is CVE-2026-23266 actively exploited?

CVE-2026-23266 has not been confirmed as actively exploited and is not listed in the CISA KEV catalog.

What is Divide By Zero (CWE-369)?

The product divides a value by zero, causing a crash or unexpected behaviour. See MITRE CWE for full details: https://cwe.mitre.org/data/definitions/369.html

CVE-2026-23266

Medium

In the Linux kernel, the following vulnerability has been resolved: fbdev: rivafb: fix divide error in nv3_arb() A userspace program can trigger the RIVA NV3 arbitration code by calling the FBIOPUT_VSCREENINFO ioctl on /dev/fb*. When doing so, the driver recomputes FIFO arbitration parameters in nv3_arb(), using state->mclk_khz (derived from the PRAMDAC MCLK PLL) as a divisor without validating it first. In a normal setup, state->mclk_khz is provided by the real hardware and is non-zero. However, an attacker can construct a malicious or misconfigured device (e.g. a crafted/emulated PCI device) that exposes a bogus PLL configuration, causing state->mclk_khz to become zero. Once nv3_get_param() calls nv3_arb(), the division by state->mclk_khz in the gns calculation causes a divide error and crashes the kernel. Fix this by checking whether state->mclk_khz is zero and bailing out before doing the division. The following log reveals it: rivafb: setting virtual Y resolution to 2184 divide error: 0000 [#1] PREEMPT SMP KASAN PTI CPU: 0 PID: 2187 Comm: syz-executor.0 Not tainted 5.18.0-rc1+ #1 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.12.0-59-gc9ba5276e321-prebuilt.qemu.org 04/01/2014 RIP: 0010:nv3_arb drivers/video/fbdev/riva/riva_hw.c:439 [inline] RIP: 0010:nv3_get_param+0x3ab/0x13b0 drivers/video/fbdev/riva/riva_hw.c:546 Call Trace: nv3CalcArbitration.constprop.0+0x255/0x460 drivers/video/fbdev/riva/riva_hw.c:603 nv3UpdateArbitrationSettings drivers/video/fbdev/riva/riva_hw.c:637 [inline] CalcStateExt+0x447/0x1b90 drivers/video/fbdev/riva/riva_hw.c:1246 riva_load_video_mode+0x8a9/0xea0 drivers/video/fbdev/riva/fbdev.c:779 rivafb_set_par+0xc0/0x5f0 drivers/video/fbdev/riva/fbdev.c:1196 fb_set_var+0x604/0xeb0 drivers/video/fbdev/core/fbmem.c:1033 do_fb_ioctl+0x234/0x670 drivers/video/fbdev/core/fbmem.c:1109 fb_ioctl+0xdd/0x130 drivers/video/fbdev/core/fbmem.c:1188 __x64_sys_ioctl+0x122/0x190 fs/ioctl.c:856

Package Linux Kernel

Published 2026-03-18

Last modified 2026-05-29

CVSS version 3.1

Patch available

Yes

CVSS 3.1 score

5.5

out of 10

Medium

Attack Vector

Local

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

Low

Integrity

None

Availability

High

Vector string

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Weakness type

CWE-369

CVE-2026-23266 is a Divide By Zero vulnerability

What is Divide By Zero?

The product divides a value by zero, causing a crash or unexpected behaviour. Learn more on MITRE CWE

Affected versions

Linux kernel versions 2.6.12 and later are affected. Fixed in 5.10.251, 5.15.201, 6.1.164, 6.6.127, 6.12.74, 6.18.13, 6.19.3, 7.0 and their respective stable series.

Affected from

≥ 2.6.12

Fixed in

✓ 5.10.251 5.10.x ✓ 5.15.201 5.15.x ✓ 6.1.164 6.1.x ✓ 6.6.127 6.6.x ✓ 6.12.74 6.12.x ✓ 6.18.13 6.18.x ✓ 6.19.3 6.19.x ✓ 7.0

References

The following references provide additional information about CVE-2026-23266 including vendor advisories, patch commits, exploit details, and third-party analysis. Links are sourced from the NIST NVD database.

Kernel patch commit
https://git.kernel.org/stable/c/0209e21e3c372fa2da04c39214bec0b64e4eb5f4
Patch
Kernel patch commit
https://git.kernel.org/stable/c/3e4cbd1d46c246dfa684c8e9d8c20ae0b960c50a
Patch
Kernel patch commit
https://git.kernel.org/stable/c/526460a96c5443e2fc0fd231edd1f9c49d2de26b
Patch

8 patch commits total View all on NVD

Details

CVE ID CVE-2026-23266

Severity Medium

CVSS score 5.5 / 10

CVSS version 3.1

Published 2026-03-18

Modified 2026-05-29

KEV No

Patch

Yes

Package linux

Frequently asked questions

What is CVE-2026-23266?

CVE-2026-23266 is a Medium severity Linux kernel vulnerability with a CVSS score of 5.5 out of 10 , classified as a Divide By Zero flaw (CWE-369) . It affects Linux kernel versions from 2.6.12 onward and has been patched in 5.10.251, 5.15.201, 6.1.164 and others. CVE-2026-23266 has not been confirmed as actively exploited and is not listed in the CISA KEV catalog.
What is the CVSS score for CVE-2026-23266?

CVE-2026-23266 has a CVSS score of 5.5 out of 10, rated Medium severity (CVSS 3.1). The vector string is CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H.
Is there a patch available for CVE-2026-23266?

Yes — CVE-2026-23266 has been patched. Fixed versions include 5.10.251, 5.15.201, 6.1.164 and others. If you are running Linux kernel 2.6.12 or later up to the fix versions, apply the relevant patch for your kernel branch.
Is CVE-2026-23266 actively exploited?

No — CVE-2026-23266 has not been confirmed as actively exploited. It is not listed in the CISA Known Exploited Vulnerabilities (KEV) catalog.
What is Divide By Zero (CWE-369)?

The product divides a value by zero, causing a crash or unexpected behaviour. View CWE-369 on MITRE CWE →