CVE-2026-31549

Source
https://cve.org/CVERecord?id=CVE-2026-31549
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-31549.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2026-31549
Downstream
Published
2026-04-24T14:33:16.814Z
Modified
2026-07-15T01:48:53.675638685Z
Summary
i2c: cp2615: fix serial string NULL-deref at probe
Details

In the Linux kernel, the following vulnerability has been resolved:

i2c: cp2615: fix serial string NULL-deref at probe

The cp2615 driver uses the USB device serial string as the i2c adapter name but does not make sure that the string exists.

Verify that the device has a serial number before accessing it to avoid triggering a NULL-pointer dereference (e.g. with malicious devices).

Database specific
{
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/31xxx/CVE-2026-31549.json",
    "cna_assigner": "Linux"
}
References

Affected packages

Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

Affected ranges

Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
4a7695429eade517b07ea72f9ec366130e81a076
Fixed
e68c267787778bcdf3d91b06f794faaba7f0d1d1
Fixed
4a22af879172336370ae3e81e7f65fb2f69472ee
Fixed
69aece634a7eebafd9a596e5494d52facf6f26ec
Fixed
13ccf9b106bba121728f1625c4375a1bd8f5c5a3
Fixed
a9778298f47036866ea15eeb17242e8a4612580f
Fixed
efe996bcfe50c2dcc6cf65c574285713b722ced7
Fixed
aa79f996eb41e95aed85a1bd7f56bcd6a3842008

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-31549.json"

Linux / Kernel

Package

Name
Kernel

Affected ranges

Type
ECOSYSTEM
Events
Introduced
5.13.0
Fixed
5.15.203
Type
ECOSYSTEM
Events
Introduced
5.16.0
Fixed
6.1.167
Type
ECOSYSTEM
Events
Introduced
6.2.0
Fixed
6.6.130
Type
ECOSYSTEM
Events
Introduced
6.7.0
Fixed
6.12.78
Type
ECOSYSTEM
Events
Introduced
6.13.0
Fixed
6.18.20
Type
ECOSYSTEM
Events
Introduced
6.19.0
Fixed
6.19.10

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-31549.json"