Bug 2461518 (CVE-2026-31549)

Summary: CVE-2026-31549 kernel: i2c: cp2615: fix serial string NULL-deref at probe
Product: [Other] Security Response Reporter: OSIDB Bzimport <bzimport>
Component: vulnerabilityAssignee: Product Security <prodsec-ir-bot>
Status: NEW --- QA Contact:
Severity: unspecified Docs Contact:
Priority: unspecified    
Version: unspecifiedCC: rhel-process-autobot, watson-tool-maintainers
Target Milestone: ---Keywords: Security
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: ---
Doc Text:
A flaw was found in the Linux kernel's cp2615 driver. A malicious device can exploit this vulnerability by not providing a USB device serial string. This improper handling of the serial string during the i2c adapter name assignment can trigger a NULL-pointer dereference, leading to a system crash and resulting in a Denial of Service (DoS).
 Story Points: ---
Clone Of: Environment:
Last Closed: Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description OSIDB Bzimport 2026-04-24 15:06:11 UTC 
In the Linux kernel, the following vulnerability has been resolved:

i2c: cp2615: fix serial string NULL-deref at probe

The cp2615 driver uses the USB device serial string as the i2c adapter
name but does not make sure that the string exists.

Verify that the device has a serial number before accessing it to avoid
triggering a NULL-pointer dereference (e.g. with malicious devices).
Comment 1 Keith Grant 2026-04-24 17:06:00 UTC 
Upstream advisory:
https://lore.kernel.org/linux-cve-announce/2026042426-CVE-2026-31549-81f8@gregkh/T