Sign in Subscribe

← All advisories

Medium severity5.5NVD Advisory· Published Apr 24, 2026· Updated Apr 27, 2026

CVE-2026-31549

CVE-2026-31549

Description

In the Linux kernel, the following vulnerability has been resolved:

i2c: cp2615: fix serial string NULL-deref at probe

The cp2615 driver uses the USB device serial string as the i2c adapter name but does not make sure that the string exists.

Verify that the device has a serial number before accessing it to avoid triggering a NULL-pointer dereference (e.g. with malicious devices).

Affected products

9

Linux/Kernel9 versions
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*+ 8 more
- cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*range: >=5.13.1,<5.15.203
- cpe:2.3:o:linux:linux_kernel:5.13:-:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:7.0:rc1:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:7.0:rc2:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:7.0:rc3:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:7.0:rc4:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:7.0:rc5:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:7.0:rc6:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:7.0:rc7:*:*:*:*:*:*

Patches

0

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

News mentions

0

No linked articles in our index yet.

Severity

MediumCVSS v3.1

5.5/ 10

Attack vector: Local
Complexity: Low
Privileges: Low
User interaction: None
Scope: Unchanged
Confidentiality: None
Integrity: None
Availability: High

Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

EPSS

Probability of exploitation in the next 30 days.

0.01%

VYPR risk score

Composite of severity, exploitation, and reach.

0.36medium

cvss	0.358
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000

Weaknesses

CWE-476
NULL Pointer Dereference

CVE ID

CVE-2026-31549

Source code