CVE-2026-31549 (GCVE-0-2026-31549)
Vulnerability from cvelistv5 – Published: 2026-04-24 14:33 – Updated: 2026-04-24 14:33
VLAI?
Title
i2c: cp2615: fix serial string NULL-deref at probe
Summary
In the Linux kernel, the following vulnerability has been resolved:
i2c: cp2615: fix serial string NULL-deref at probe
The cp2615 driver uses the USB device serial string as the i2c adapter
name but does not make sure that the string exists.
Verify that the device has a serial number before accessing it to avoid
triggering a NULL-pointer dereference (e.g. with malicious devices).
Severity ?
No CVSS data available.
Assigner
References
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| Linux | Linux |
Affected:
4a7695429eade517b07ea72f9ec366130e81a076 , < e68c267787778bcdf3d91b06f794faaba7f0d1d1
(git)
Affected: 4a7695429eade517b07ea72f9ec366130e81a076 , < 4a22af879172336370ae3e81e7f65fb2f69472ee (git) Affected: 4a7695429eade517b07ea72f9ec366130e81a076 , < 69aece634a7eebafd9a596e5494d52facf6f26ec (git) Affected: 4a7695429eade517b07ea72f9ec366130e81a076 , < 13ccf9b106bba121728f1625c4375a1bd8f5c5a3 (git) Affected: 4a7695429eade517b07ea72f9ec366130e81a076 , < a9778298f47036866ea15eeb17242e8a4612580f (git) Affected: 4a7695429eade517b07ea72f9ec366130e81a076 , < efe996bcfe50c2dcc6cf65c574285713b722ced7 (git) Affected: 4a7695429eade517b07ea72f9ec366130e81a076 , < aa79f996eb41e95aed85a1bd7f56bcd6a3842008 (git) |
|||||||
|
|||||||||
{
"containers": {
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/i2c/busses/i2c-cp2615.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "e68c267787778bcdf3d91b06f794faaba7f0d1d1",
"status": "affected",
"version": "4a7695429eade517b07ea72f9ec366130e81a076",
"versionType": "git"
},
{
"lessThan": "4a22af879172336370ae3e81e7f65fb2f69472ee",
"status": "affected",
"version": "4a7695429eade517b07ea72f9ec366130e81a076",
"versionType": "git"
},
{
"lessThan": "69aece634a7eebafd9a596e5494d52facf6f26ec",
"status": "affected",
"version": "4a7695429eade517b07ea72f9ec366130e81a076",
"versionType": "git"
},
{
"lessThan": "13ccf9b106bba121728f1625c4375a1bd8f5c5a3",
"status": "affected",
"version": "4a7695429eade517b07ea72f9ec366130e81a076",
"versionType": "git"
},
{
"lessThan": "a9778298f47036866ea15eeb17242e8a4612580f",
"status": "affected",
"version": "4a7695429eade517b07ea72f9ec366130e81a076",
"versionType": "git"
},
{
"lessThan": "efe996bcfe50c2dcc6cf65c574285713b722ced7",
"status": "affected",
"version": "4a7695429eade517b07ea72f9ec366130e81a076",
"versionType": "git"
},
{
"lessThan": "aa79f996eb41e95aed85a1bd7f56bcd6a3842008",
"status": "affected",
"version": "4a7695429eade517b07ea72f9ec366130e81a076",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/i2c/busses/i2c-cp2615.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.13"
},
{
"lessThan": "5.13",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.203",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.167",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.130",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.12.*",
"status": "unaffected",
"version": "6.12.78",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.18.*",
"status": "unaffected",
"version": "6.18.20",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.19.*",
"status": "unaffected",
"version": "6.19.10",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "7.0",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.203",
"versionStartIncluding": "5.13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.167",
"versionStartIncluding": "5.13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.130",
"versionStartIncluding": "5.13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.12.78",
"versionStartIncluding": "5.13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.18.20",
"versionStartIncluding": "5.13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.19.10",
"versionStartIncluding": "5.13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "7.0",
"versionStartIncluding": "5.13",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ni2c: cp2615: fix serial string NULL-deref at probe\n\nThe cp2615 driver uses the USB device serial string as the i2c adapter\nname but does not make sure that the string exists.\n\nVerify that the device has a serial number before accessing it to avoid\ntriggering a NULL-pointer dereference (e.g. with malicious devices)."
}
],
"providerMetadata": {
"dateUpdated": "2026-04-24T14:33:16.814Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/e68c267787778bcdf3d91b06f794faaba7f0d1d1"
},
{
"url": "https://git.kernel.org/stable/c/4a22af879172336370ae3e81e7f65fb2f69472ee"
},
{
"url": "https://git.kernel.org/stable/c/69aece634a7eebafd9a596e5494d52facf6f26ec"
},
{
"url": "https://git.kernel.org/stable/c/13ccf9b106bba121728f1625c4375a1bd8f5c5a3"
},
{
"url": "https://git.kernel.org/stable/c/a9778298f47036866ea15eeb17242e8a4612580f"
},
{
"url": "https://git.kernel.org/stable/c/efe996bcfe50c2dcc6cf65c574285713b722ced7"
},
{
"url": "https://git.kernel.org/stable/c/aa79f996eb41e95aed85a1bd7f56bcd6a3842008"
}
],
"title": "i2c: cp2615: fix serial string NULL-deref at probe",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2026-31549",
"datePublished": "2026-04-24T14:33:16.814Z",
"dateReserved": "2026-03-09T15:48:24.115Z",
"dateUpdated": "2026-04-24T14:33:16.814Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2",
"vulnerability-lookup:meta": {
"epss": {
"cve": "CVE-2026-31549",
"date": "2026-04-25",
"epss": "0.00024",
"percentile": "0.06802"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2026-31549\",\"sourceIdentifier\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"published\":\"2026-04-24T15:16:29.060\",\"lastModified\":\"2026-04-24T17:51:40.810\",\"vulnStatus\":\"Awaiting Analysis\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"In the Linux kernel, the following vulnerability has been resolved:\\n\\ni2c: cp2615: fix serial string NULL-deref at probe\\n\\nThe cp2615 driver uses the USB device serial string as the i2c adapter\\nname but does not make sure that the string exists.\\n\\nVerify that the device has a serial number before accessing it to avoid\\ntriggering a NULL-pointer dereference (e.g. with malicious devices).\"}],\"metrics\":{},\"references\":[{\"url\":\"https://git.kernel.org/stable/c/13ccf9b106bba121728f1625c4375a1bd8f5c5a3\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/4a22af879172336370ae3e81e7f65fb2f69472ee\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/69aece634a7eebafd9a596e5494d52facf6f26ec\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/a9778298f47036866ea15eeb17242e8a4612580f\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/aa79f996eb41e95aed85a1bd7f56bcd6a3842008\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/e68c267787778bcdf3d91b06f794faaba7f0d1d1\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/efe996bcfe50c2dcc6cf65c574285713b722ced7\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"}]}}"
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…