Vulnerability Description
In the Linux kernel, the following vulnerability has been resolved: i2c: cp2615: fix serial string NULL-deref at probe The cp2615 driver uses the USB device serial string as the i2c adapter name but does not make sure that the string exists. Verify that the device has a serial number before accessing it to avoid triggering a NULL-pointer dereference (e.g. with malicious devices).
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Linux | Linux Kernel | >= 5.13.1, < 5.15.203 |
Related Weaknesses (CWE)
References
- https://git.kernel.org/stable/c/13ccf9b106bba121728f1625c4375a1bd8f5c5a3Patch
- https://git.kernel.org/stable/c/4a22af879172336370ae3e81e7f65fb2f69472eePatch
- https://git.kernel.org/stable/c/69aece634a7eebafd9a596e5494d52facf6f26ecPatch
- https://git.kernel.org/stable/c/a9778298f47036866ea15eeb17242e8a4612580fPatch
- https://git.kernel.org/stable/c/aa79f996eb41e95aed85a1bd7f56bcd6a3842008Patch
- https://git.kernel.org/stable/c/e68c267787778bcdf3d91b06f794faaba7f0d1d1Patch
- https://git.kernel.org/stable/c/efe996bcfe50c2dcc6cf65c574285713b722ced7Patch
FAQ
What is CVE-2026-31549?
CVE-2026-31549 is a vulnerability with a CVSS score of 5.5 (MEDIUM). In the Linux kernel, the following vulnerability has been resolved: i2c: cp2615: fix serial string NULL-deref at probe The cp2615 driver uses the USB device serial string as the i2c adapter name but...
How severe is CVE-2026-31549?
CVE-2026-31549 has been rated MEDIUM with a CVSS base score of 5.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2026-31549?
Check the references section above for vendor advisories and patch information. Affected products include: Linux Linux Kernel.