VYPR
High severity 7.8 · NVD Advisory · Published Apr 24, 2026 · Updated Apr 27, 2026

CVE-2026-31627

Description

In the Linux kernel, the following vulnerability has been resolved:

i2c: s3c24xx: check the size of the SMBUS message before using it

The first byte of an i2c SMBUS message is the size, and it should be verified to ensure that it is in the range of 0..I2C_SMBUS_BLOCK_MAX before processing it.

This is the same logic that was added in commit a6e04f05ce0b ("i2c: tegra: check msg length in SMBUS block read") to the i2c tegra driver.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Missing bounds check in s3c24xx I2C SMBus block read allows out-of-bounds access; patched in Linux kernel.

Vulnerability

A missing bounds check in the Linux kernel's i2c: s3c24xx driver can lead to out-of-bounds memory access. In an SMBus block read the first byte returned by the slave device is the byte count of the block that follows; the driver used that count as a length without verifying that it falls within the valid range of 0..I2C_SMBUS_BLOCK_MAX [1][4]. This oversight mirrors a previously fixed issue in the Tegra I2C driver, addressed by commit a6e04f05ce0b [1].
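To make the missing check concrete, here is a user-space C model of the block-read path, written for this page and not taken from the s3c24xx driver, the tegra fix or the advisory. It assumes the usual I2C_M_RECV_LEN convention: the message starts with len 1 (just the count byte), the core hands the driver a buffer sized for the count byte plus I2C_SMBUS_BLOCK_MAX payload bytes, and the driver grows msg->len by the count once it arrives. The struct names, the `wire` type and the sample traffic are constructed for the example; the value 32 for I2C_SMBUS_BLOCK_MAX is the SMBus limit the kernel uses.

```c
#include <errno.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define I2C_SMBUS_BLOCK_MAX 32                       /* SMBus block limit, as in <linux/i2c.h> */
#define RECV_LEN_BUF_SIZE (1 + I2C_SMBUS_BLOCK_MAX)  /* count byte + maximum payload */

/* What the (untrusted) slave clocks out: byte 0 is the count it claims, then payload. */
struct wire { const uint8_t *bytes; size_t n; };

/* Hypothetical stand-in for the kernel's struct i2c_msg in RECV_LEN mode. */
struct i2c_msg_model {
    uint8_t *buf;      /* receive buffer provided by the caller/core */
    size_t buf_size;   /* RECV_LEN_BUF_SIZE in the well-formed case */
    size_t len;        /* starts at 1 (count byte only), grows after the count is read */
};

/*
 * Unchecked path (the bug): the driver adds the count byte to msg->len without
 * validation, so a slave that reports 0xff makes it store 255 payload bytes into
 * a 33-byte buffer. This function does NOT perform the overrun; it returns how
 * many bytes would land past the end of the buffer, which the fix drives to zero.
 */
size_t recv_len_overrun_unchecked(struct wire w, size_t buf_size)
{
    if (w.n == 0)
        return 0;
    size_t claimed_total = 1 + (size_t)w.bytes[0];
    return claimed_total > buf_size ? claimed_total - buf_size : 0;
}

/*
 * Checked path (the fix): validate the count byte before using it as a length.
 * Returns the number of payload bytes copied into msg->buf[1..], -EPROTO if the
 * slave advertised more than I2C_SMBUS_BLOCK_MAX, -EIO if it stopped early.
 */
int smbus_block_read_checked(struct wire w, struct i2c_msg_model *msg)
{
    if (w.n == 0 || msg->len != 1 || msg->buf_size < RECV_LEN_BUF_SIZE)
        return -EINVAL;

    uint8_t count = w.bytes[0];
    if (count > I2C_SMBUS_BLOCK_MAX)       /* the check the fix adds */
        return -EPROTO;
    if (w.n < 1 + (size_t)count)           /* short read from the device */
        return -EIO;

    msg->buf[0] = count;
    msg->len += count;                     /* now provably <= RECV_LEN_BUF_SIZE */
    memcpy(msg->buf + 1, w.bytes + 1, count);
    return count;
}

/* Constructed sample traffic: a well-behaved slave and a hostile one. */
static const uint8_t sample_good[]    = { 4, 0xde, 0xad, 0xbe, 0xef };
static const uint8_t sample_hostile[] = { 0xff, 0x41, 0x41, 0x41 };

/* Well-formed block of 4 bytes: returns 4, or -1 if the buffer state is wrong. */
int example_good_read(void)
{
    uint8_t buf[RECV_LEN_BUF_SIZE] = { 0 };
    struct i2c_msg_model msg = { buf, sizeof buf, 1 };
    struct wire w = { sample_good, sizeof sample_good };
    int rc = smbus_block_read_checked(w, &msg);
    if (rc != 4 || msg.len != 5 || buf[0] != 4 || buf[4] != 0xef)
        return -1;
    return rc;
}

/* Slave claims a 255-byte block: the checked path rejects it with -EPROTO. */
int example_hostile_read(void)
{
    uint8_t buf[RECV_LEN_BUF_SIZE] = { 0 };
    struct i2c_msg_model msg = { buf, sizeof buf, 1 };
    struct wire w = { sample_hostile, sizeof sample_hostile };
    return smbus_block_read_checked(w, &msg);
}

int main(void)
{
    struct wire hostile = { sample_hostile, sizeof sample_hostile };
    printf("good read: %d payload bytes\n", example_good_read());
    printf("hostile count 0xff: rc=%d; an unchecked driver would overrun by %zu bytes\n",
           example_hostile_read(),
           recv_len_overrun_unchecked(hostile, RECV_LEN_BUF_SIZE));
    return 0;
}
```

The point to take from the model is who supplies the length: the host only issues the read, the device on the bus picks the count byte, so any value in the closed interval 0..I2C_SMBUS_BLOCK_MAX must be accepted and anything above it must be refused before it touches msg->len.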

Exploitation

Exploitation requires control over the count byte that a slave device returns in an SMBus block read handled by the s3c24xx driver. In practice that means a malicious or compromised I2C peripheral on the bus; a local process can trigger the transaction (for example through a driver or i2c-dev node it is allowed to use) but does not itself choose the count byte the device sends back [1]. The attack surface is local to the board; the vulnerability is not remotely exploitable without prior access.

Impact

A successful exploit lets the device-supplied count drive the driver to read or write past the end of the message buffer in kernel memory, potentially leading to kernel memory corruption, information disclosure or system instability. The CVSS v3 score of 7.8 (High) reflects a local attack with significant impact; turning the out-of-bounds access into code execution would require additional primitives [1].

Mitigation

The fix has been applied to the Linux kernel stable branches. Users should update to a kernel version containing the commit fa00738ab30b or its backports [1][2][3][4]. No workaround is available; updating is the recommended course of action.

AI Insight generated on May 18, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products (2)

  • Linux/Kernel, 2 versions
    • cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*  range: >=3.10.1, <6.6.136
    • cpe:2.3:o:linux:linux_kernel:3.10:-:*:*:*:*:*:*

Patches (0)

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References (6)

News mentions (0)

No linked articles in our index yet.