{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-31549", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2026-03-09T15:48:24.115Z", "datePublished": "2026-04-24T14:33:16.814Z", "dateUpdated": "2026-05-11T22:10:55.565Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2026-05-11T22:10:55.565Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ni2c: cp2615: fix serial string NULL-deref at probe\n\nThe cp2615 driver uses the USB device serial string as the i2c adapter\nname but does not make sure that the string exists.\n\nVerify that the device has a serial number before accessing it to avoid\ntriggering a NULL-pointer dereference (e.g. with malicious devices)."}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/i2c/busses/i2c-cp2615.c"], "versions": [{"version": "4a7695429eade517b07ea72f9ec366130e81a076", "lessThan": "e68c267787778bcdf3d91b06f794faaba7f0d1d1", "status": "affected", "versionType": "git"}, {"version": "4a7695429eade517b07ea72f9ec366130e81a076", "lessThan": "4a22af879172336370ae3e81e7f65fb2f69472ee", "status": "affected", "versionType": "git"}, {"version": "4a7695429eade517b07ea72f9ec366130e81a076", "lessThan": "69aece634a7eebafd9a596e5494d52facf6f26ec", "status": "affected", "versionType": "git"}, {"version": "4a7695429eade517b07ea72f9ec366130e81a076", "lessThan": "13ccf9b106bba121728f1625c4375a1bd8f5c5a3", "status": "affected", "versionType": "git"}, {"version": "4a7695429eade517b07ea72f9ec366130e81a076", "lessThan": "a9778298f47036866ea15eeb17242e8a4612580f", "status": "affected", "versionType": "git"}, {"version": "4a7695429eade517b07ea72f9ec366130e81a076", "lessThan": "efe996bcfe50c2dcc6cf65c574285713b722ced7", "status": "affected", "versionType": "git"}, {"version": "4a7695429eade517b07ea72f9ec366130e81a076", "lessThan": "aa79f996eb41e95aed85a1bd7f56bcd6a3842008", "status": "affected", "versionType": "git"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/i2c/busses/i2c-cp2615.c"], "versions": [{"version": "5.13", "status": "affected"}, {"version": "0", "lessThan": "5.13", "status": "unaffected", "versionType": "semver"}, {"version": "5.15.203", "lessThanOrEqual": "5.15.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.1.167", "lessThanOrEqual": "6.1.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.6.130", "lessThanOrEqual": "6.6.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.12.78", "lessThanOrEqual": "6.12.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.18.20", "lessThanOrEqual": "6.18.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.19.10", "lessThanOrEqual": "6.19.*", "status": "unaffected", "versionType": "semver"}, {"version": "7.0", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix"}]}], "cpeApplicability": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.13", "versionEndExcluding": "5.15.203"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.13", "versionEndExcluding": "6.1.167"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.13", "versionEndExcluding": "6.6.130"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.13", "versionEndExcluding": "6.12.78"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.13", "versionEndExcluding": "6.18.20"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.13", "versionEndExcluding": "6.19.10"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.13", "versionEndExcluding": "7.0"}]}]}], "references": [{"url": "https://git.kernel.org/stable/c/e68c267787778bcdf3d91b06f794faaba7f0d1d1"}, {"url": "https://git.kernel.org/stable/c/4a22af879172336370ae3e81e7f65fb2f69472ee"}, {"url": "https://git.kernel.org/stable/c/69aece634a7eebafd9a596e5494d52facf6f26ec"}, {"url": "https://git.kernel.org/stable/c/13ccf9b106bba121728f1625c4375a1bd8f5c5a3"}, {"url": "https://git.kernel.org/stable/c/a9778298f47036866ea15eeb17242e8a4612580f"}, {"url": "https://git.kernel.org/stable/c/efe996bcfe50c2dcc6cf65c574285713b722ced7"}, {"url": "https://git.kernel.org/stable/c/aa79f996eb41e95aed85a1bd7f56bcd6a3842008"}], "title": "i2c: cp2615: fix serial string NULL-deref at probe", "x_generator": {"engine": "bippy-1.2.0"}}}}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "CC3F58C6-09EC-41E6-8E82-613F5965C0DB", "versionEndExcluding": "5.15.203", "versionStartIncluding": "5.13.1", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "2EDC6BAF-B710-4E26-B6AA-D68922EE7B43", "versionEndExcluding": "6.1.167", "versionStartIncluding": "5.16", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "C57BB918-DF28-46B3-94F7-144176841267", "versionEndExcluding": "6.6.130", "versionStartIncluding": "6.2", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "28D591F5-B196-4CC9-905C-DC80F116E7A8", "versionEndExcluding": "6.12.78", "versionStartIncluding": "6.7", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "E5571059-6552-48E7-9BEF-3E358C387171", "versionEndExcluding": "6.18.20", "versionStartIncluding": "6.13", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "96D34333-38BE-4414-9E79-6EB764329581", "versionEndExcluding": "6.19.10", "versionStartIncluding": "6.19", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:5.13:-:*:*:*:*:*:*", "matchCriteriaId": "8F0E7012-0BA3-4E6A-ADE9-57973CBDEE28", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:7.0:rc1:*:*:*:*:*:*", "matchCriteriaId": "F253B622-8837-4245-BCE5-A7BF8FC76A16", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:7.0:rc2:*:*:*:*:*:*", "matchCriteriaId": "4AE85AD8-4641-4E7C-A2F4-305E2CD9EE64", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:7.0:rc3:*:*:*:*:*:*", "matchCriteriaId": "F666C8D8-6538-46D4-B318-87610DE64C34", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:7.0:rc4:*:*:*:*:*:*", "matchCriteriaId": "02259FDA-961B-47BC-AE7F-93D7EC6E90C2", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:7.0:rc5:*:*:*:*:*:*", "matchCriteriaId": "58A9FEFF-C040-420D-8F0A-BFDAAA1DF258", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:7.0:rc6:*:*:*:*:*:*", "matchCriteriaId": "1D2315C0-D46F-4F85-9754-F9E5E11374A6", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:7.0:rc7:*:*:*:*:*:*", "matchCriteriaId": "512EE3A8-A590-4501-9A94-5D4B268D6138", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ni2c: cp2615: fix serial string NULL-deref at probe\n\nThe cp2615 driver uses the USB device serial string as the i2c adapter\nname but does not make sure that the string exists.\n\nVerify that the device has a serial number before accessing it to avoid\ntriggering a NULL-pointer dereference (e.g. with malicious devices)."}], "id": "CVE-2026-31549", "lastModified": "2026-04-27T20:15:45.027", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2026-04-24T15:16:29.060", "references": [{"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/13ccf9b106bba121728f1625c4375a1bd8f5c5a3"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/4a22af879172336370ae3e81e7f65fb2f69472ee"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/69aece634a7eebafd9a596e5494d52facf6f26ec"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/a9778298f47036866ea15eeb17242e8a4612580f"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/aa79f996eb41e95aed85a1bd7f56bcd6a3842008"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/e68c267787778bcdf3d91b06f794faaba7f0d1d1"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/efe996bcfe50c2dcc6cf65c574285713b722ced7"}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-476"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"bugzilla": {"description": "kernel: i2c: cp2615: fix serial string NULL-deref at probe", "id": "2461518", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2461518"}, "csaw": false, "cwe": "CWE-476", "details": ["A flaw was found in the Linux kernel's cp2615 driver. A malicious device can exploit this vulnerability by not providing a USB device serial string. This improper handling of the serial string during the i2c adapter name assignment can trigger a NULL-pointer dereference, leading to a system crash and resulting in a Denial of Service (DoS)."], "name": "CVE-2026-31549", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:10", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 10"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2026-04-24T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2026-31549\nhttps://nvd.nist.gov/vuln/detail/CVE-2026-31549\nhttps://lore.kernel.org/linux-cve-announce/2026042426-CVE-2026-31549-81f8@gregkh/T"]}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "code_commit", "value": "[4a7695429eade517b07ea72f9ec366130e81a076,e68c267787778bcdf3d91b06f794faaba7f0d1d1)"}}, {"platform": null, "status": "affected", "versions": {"scheme": "code_commit", "value": "[4a7695429eade517b07ea72f9ec366130e81a076,4a22af879172336370ae3e81e7f65fb2f69472ee)"}}, {"platform": null, "status": "affected", "versions": {"scheme": "code_commit", "value": "[4a7695429eade517b07ea72f9ec366130e81a076,69aece634a7eebafd9a596e5494d52facf6f26ec)"}}, {"platform": null, "status": "affected", "versions": {"scheme": "code_commit", "value": "[4a7695429eade517b07ea72f9ec366130e81a076,13ccf9b106bba121728f1625c4375a1bd8f5c5a3)"}}, {"platform": null, "status": "affected", "versions": {"scheme": "code_commit", "value": "[4a7695429eade517b07ea72f9ec366130e81a076,a9778298f47036866ea15eeb17242e8a4612580f)"}}, {"platform": null, "status": "affected", "versions": {"scheme": "code_commit", "value": "[4a7695429eade517b07ea72f9ec366130e81a076,efe996bcfe50c2dcc6cf65c574285713b722ced7)"}}, {"platform": null, "status": "affected", "versions": {"scheme": "code_commit", "value": "[4a7695429eade517b07ea72f9ec366130e81a076,aa79f996eb41e95aed85a1bd7f56bcd6a3842008)"}}], "enrichment": {"confidence": 99.0, "confidence_source": "inferred", "scores": [{"score": 99.0, "source": "inferred"}, {"score": 100.0, "source": "matching"}]}, "original": {"product": "Linux", "source": "cna", "vendor": "Linux"}, "product": "linux_kernel", "vendor": "linux"}, {"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "5.13"}}, {"platform": null, "status": "unaffected", "versions": {"scheme": "semver", "value": "[0,5.13)"}}, {"platform": null, "status": "unaffected", "versions": {"scheme": "semver", "value": "[5.15.203,5.15.*]"}}, {"platform": null, "status": "unaffected", "versions": {"scheme": "semver", "value": "[6.1.167,6.1.*]"}}, {"platform": null, "status": "unaffected", "versions": {"scheme": "semver", "value": "[6.6.130,6.6.*]"}}, {"platform": null, "status": "unaffected", "versions": {"scheme": "semver", "value": "[6.12.78,6.12.*]"}}, {"platform": null, "status": "unaffected", "versions": {"scheme": "semver", "value": "[6.18.20,6.18.*]"}}, {"platform": null, "status": "unaffected", "versions": {"scheme": "semver", "value": "[6.19.10,6.19.*]"}}, {"platform": null, "status": "unaffected", "versions": {"scheme": "generic", "value": "[7.0,*]"}}], "enrichment": {"confidence": 99.0, "confidence_source": "inferred", "scores": [{"score": 99.0, "source": "inferred"}, {"score": 100.0, "source": "matching"}]}, "original": {"product": "Linux", "source": "cna", "vendor": "Linux"}, "product": "linux_kernel", "vendor": "linux"}], "analysis": {"en": {"generated_at": "2026-04-28T14:17:24.601092+00:00", "value": {"mitigation_remediation": ["Update the Linux kernel to a version that includes the cp2615 driver fix (commit id 13ccf9b).", "If an immediate kernel upgrade is not feasible, disable the cp2615 driver or prevent it from loading until a patch is applied.", "Strengthen physical security to restrict USB port access and ensure connected USB devices are verified before connection."], "summary": {"action": "Apply patch", "impact": "NULL dereference leading to possible kernel crash or denial of service"}, "threat_synthesis": {"affected_systems": "The issue exists in all Linux kernels that include the cp2615 driver\u2014for example, kernels 5.13 and 7.0 releases (rc1 through rc7). All Linux kernel variants carrying this driver are potentially affected.", "description_and_impact": "The cp2615 driver in the Linux kernel incorrectly assumes the USB device serial string exists and uses it as the I2C adapter name. If the string is missing, the driver dereferences a NULL pointer, which can crash the kernel or cause a system panic. The vulnerability is a classic NULL pointer dereference (CWE-476) and does not provide direct remote code execution but can disrupt services by halting the kernel.", "risk_and_exploitability": "The CVSS score indicates a medium severity (5.5). The EPSS score is very low (<1%), showing that exploitation is uncommon. The vulnerability is not listed in CISA KEV. The likely attack vector is local USB device insertion: an attacker with physical or remote access that can plug in a USB device lacking a serial string may trigger the crash. The fix requires a NULL-check before accessing the string."}}}}, "created": "2026-04-27T19:15:11.622474+00:00", "updated": "2026-04-28T14:30:33.741512+00:00", "vendors": ["linux", "linux$PRODUCT$linux_kernel"]}