{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-31627", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2026-03-09T15:48:24.124Z", "datePublished": "2026-04-24T14:42:48.342Z", "dateUpdated": "2026-05-11T22:12:28.210Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2026-05-11T22:12:28.210Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ni2c: s3c24xx: check the size of the SMBUS message before using it\n\nThe first byte of an i2c SMBUS message is the size, and it should be\nverified to ensure that it is in the range of 0..I2C_SMBUS_BLOCK_MAX\nbefore processing it.\n\nThis is the same logic that was added in commit a6e04f05ce0b (\"i2c:\ntegra: check msg length in SMBUS block read\") to the i2c tegra driver."}], "metrics": [{"cvssV3_1": {"version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "baseScore": 7.8, "baseSeverity": "HIGH"}}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/i2c/busses/i2c-s3c2410.c"], "versions": [{"version": "85747311ecb6167c989093c64a13807366fdd3a9", "lessThan": "fa00738ab30b07db1a43b9c85fc56b8cc3b7d197", "status": "affected", "versionType": "git"}, {"version": "85747311ecb6167c989093c64a13807366fdd3a9", "lessThan": "d87d5620125a03b1eadbd5df39748215d3db7ddb", "status": "affected", "versionType": "git"}, {"version": "85747311ecb6167c989093c64a13807366fdd3a9", "lessThan": "377fae22a137b6b89f3f32399a58c52cf2325416", "status": "affected", "versionType": "git"}, {"version": "85747311ecb6167c989093c64a13807366fdd3a9", "lessThan": "71b3c316b22c555d2769126a92b1244b15a9750d", "status": "affected", "versionType": "git"}, {"version": "85747311ecb6167c989093c64a13807366fdd3a9", "lessThan": "aaaaec39ddbcd06770dca7f1adebc3b1242ebe7b", "status": "affected", "versionType": "git"}, {"version": "85747311ecb6167c989093c64a13807366fdd3a9", "lessThan": "c0128c7157d639a931353ea344fb44aad6d6e17a", "status": "affected", "versionType": "git"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/i2c/busses/i2c-s3c2410.c"], "versions": [{"version": "3.10", "status": "affected"}, {"version": "0", "lessThan": "3.10", "status": "unaffected", "versionType": "semver"}, {"version": "6.6.136", "lessThanOrEqual": "6.6.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.12.83", "lessThanOrEqual": "6.12.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.18.24", "lessThanOrEqual": "6.18.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.19.14", "lessThanOrEqual": "6.19.*", "status": "unaffected", "versionType": "semver"}, {"version": "7.0.1", "lessThanOrEqual": "7.0.*", "status": "unaffected", "versionType": "semver"}, {"version": "7.1-rc1", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix"}]}], "cpeApplicability": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "3.10", "versionEndExcluding": "6.6.136"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "3.10", "versionEndExcluding": "6.12.83"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "3.10", "versionEndExcluding": "6.18.24"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "3.10", "versionEndExcluding": "6.19.14"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "3.10", "versionEndExcluding": "7.0.1"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "3.10", "versionEndExcluding": "7.1-rc1"}]}]}], "references": [{"url": "https://git.kernel.org/stable/c/fa00738ab30b07db1a43b9c85fc56b8cc3b7d197"}, {"url": "https://git.kernel.org/stable/c/d87d5620125a03b1eadbd5df39748215d3db7ddb"}, {"url": "https://git.kernel.org/stable/c/377fae22a137b6b89f3f32399a58c52cf2325416"}, {"url": "https://git.kernel.org/stable/c/71b3c316b22c555d2769126a92b1244b15a9750d"}, {"url": "https://git.kernel.org/stable/c/aaaaec39ddbcd06770dca7f1adebc3b1242ebe7b"}, {"url": "https://git.kernel.org/stable/c/c0128c7157d639a931353ea344fb44aad6d6e17a"}], "title": "i2c: s3c24xx: check the size of the SMBUS message before using it", "x_generator": {"engine": "bippy-1.2.0"}}}}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "FB898C76-28CD-416F-9777-F00444862F17", "versionEndExcluding": "6.6.136", "versionStartIncluding": "3.10.1", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "7F0AE5B5-23AC-4DCC-B37A-51CA1DAE7BA8", "versionEndExcluding": "6.12.83", "versionStartIncluding": "6.7", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "8126B8B8-6D0B-4443-86C1-672AEE893555", "versionEndExcluding": "6.18.24", "versionStartIncluding": "6.13", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "D6A8A074-BBF4-4803-ABED-519A839435BB", "versionEndExcluding": "6.19.14", "versionStartIncluding": "6.19", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "9B5888AB-7403-4335-89E4-21CC0B48366A", "versionEndExcluding": "7.0.1", "versionStartIncluding": "7.0", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:3.10:-:*:*:*:*:*:*", "matchCriteriaId": "82D28405-E1F2-43CF-AA38-B228805AFFF9", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ni2c: s3c24xx: check the size of the SMBUS message before using it\n\nThe first byte of an i2c SMBUS message is the size, and it should be\nverified to ensure that it is in the range of 0..I2C_SMBUS_BLOCK_MAX\nbefore processing it.\n\nThis is the same logic that was added in commit a6e04f05ce0b (\"i2c:\ntegra: check msg length in SMBUS block read\") to the i2c tegra driver."}], "id": "CVE-2026-31627", "lastModified": "2026-04-27T20:43:43.190", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "type": "Secondary"}]}, "published": "2026-04-24T15:16:42.003", "references": [{"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/377fae22a137b6b89f3f32399a58c52cf2325416"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/71b3c316b22c555d2769126a92b1244b15a9750d"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/aaaaec39ddbcd06770dca7f1adebc3b1242ebe7b"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/c0128c7157d639a931353ea344fb44aad6d6e17a"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/d87d5620125a03b1eadbd5df39748215d3db7ddb"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/fa00738ab30b07db1a43b9c85fc56b8cc3b7d197"}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"bugzilla": {"description": "kernel: i2c: s3c24xx: check the size of the SMBUS message before using it", "id": "2461439", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2461439"}, "csaw": false, "details": ["No description is available for this CVE."], "name": "CVE-2026-31627", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:10", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 10"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2026-04-24T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2026-31627\nhttps://nvd.nist.gov/vuln/detail/CVE-2026-31627\nhttps://lore.kernel.org/linux-cve-announce/2026042427-CVE-2026-31627-bd9b@gregkh/T"]}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "code_commit", "value": "[85747311ecb6167c989093c64a13807366fdd3a9,fa00738ab30b07db1a43b9c85fc56b8cc3b7d197)"}}, {"platform": null, "status": "affected", "versions": {"scheme": "code_commit", "value": "[85747311ecb6167c989093c64a13807366fdd3a9,d87d5620125a03b1eadbd5df39748215d3db7ddb)"}}, {"platform": null, "status": "affected", "versions": {"scheme": "code_commit", "value": "[85747311ecb6167c989093c64a13807366fdd3a9,377fae22a137b6b89f3f32399a58c52cf2325416)"}}, {"platform": null, "status": "affected", "versions": {"scheme": "code_commit", "value": "[85747311ecb6167c989093c64a13807366fdd3a9,71b3c316b22c555d2769126a92b1244b15a9750d)"}}, {"platform": null, "status": "affected", "versions": {"scheme": "code_commit", "value": "[85747311ecb6167c989093c64a13807366fdd3a9,aaaaec39ddbcd06770dca7f1adebc3b1242ebe7b)"}}, {"platform": null, "status": "affected", "versions": {"scheme": "code_commit", "value": "[85747311ecb6167c989093c64a13807366fdd3a9,c0128c7157d639a931353ea344fb44aad6d6e17a)"}}], "enrichment": {"confidence": 99.0, "confidence_source": "inferred", "scores": [{"score": 99.0, "source": "inferred"}, {"score": 100.0, "source": "matching"}]}, "original": {"product": "Linux", "source": "cna", "vendor": "Linux"}, "product": "linux_kernel", "vendor": "linux"}, {"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "3.10"}}, {"platform": null, "status": "unaffected", "versions": {"scheme": "generic", "value": "[0,3.10)"}}, {"platform": null, "status": "unaffected", "versions": {"scheme": "generic", "value": "[6.6.136,6.6.*]"}}, {"platform": null, "status": "unaffected", "versions": {"scheme": "generic", "value": "[6.12.83,6.12.*]"}}, {"platform": null, "status": "unaffected", "versions": {"scheme": "generic", "value": "[6.18.24,6.18.*]"}}, {"platform": null, "status": "unaffected", "versions": {"scheme": "generic", "value": "[7.0.1,7.0.*]"}}, {"platform": null, "status": "unaffected", "versions": {"scheme": "generic", "value": "[7.1-rc1,*]"}}], "enrichment": {"confidence": 99.0, "confidence_source": "inferred", "scores": [{"score": 99.0, "source": "inferred"}, {"score": 100.0, "source": "matching"}]}, "original": {"product": "Linux", "source": "cna", "vendor": "Linux"}, "product": "linux_kernel", "vendor": "linux"}], "analysis": {"en": {"generated_at": "2026-04-28T23:37:41.218105+00:00", "value": {"mitigation_remediation": ["Update the kernel to a release that contains the commit a6e04f05ce0b or later, which adds the SMBus message size bounds check.", "If the system cannot be updated, apply the relevant patch from the kernel commit to the s3c24xx driver to enforce the size limit.", "Limit access to the I2C bus by disabling unused drivers, setting appropriate device permissions, or isolating the bus with hardware controls."], "summary": {"action": "Immediate Patch", "impact": "Denial of Service (Kernel Panic due to SMBUS buffer overflow)"}, "threat_synthesis": {"affected_systems": "The vulnerability is present in the Linux kernel s3c24xx I2C driver. The known affected kernel releases include 3.10 and all newer kernels that have not incorporated the commit that added the size check. The input does not enumerate system models or device families, so the exact hardware impacted beyond the presence of a s3c24xx I2C controller is not specified. Consequently, any system running an affected kernel build with the s3c24xx driver enabled is potentially vulnerable.", "description_and_impact": "The kernel driver for the s3c24xx I2C controller processes SMBus messages without first verifying that the size byte declared in the message is within the allowed range defined by I2C_SMBUS_BLOCK_MAX. If an attacker supplies a size value larger than the buffer that will hold the data, the driver copies more bytes than the allocated buffer can contain, corrupting kernel memory and leading to a crash. This is an example of an out\u2011of\u2011bounds write that can cause a denial of service. The CVE file lists CWE\u2011129 as the common weakness associated with this flaw.", "risk_and_exploitability": "The CVSS score of 7.8 indicates a high severity. The EPSS score of <1% suggests a low probability of exploitation at present, and the vulnerability is not listed in CISA\u2019s KEV catalog. An attacker would need to have the ability to inject transactions onto the local I2C bus, which is typically a physical or local privilege condition. The lack of remote exploitation paths reduces the overall risk, but a patched kernel eliminates the crash risk entirely."}}}}, "created": "2026-04-27T19:15:11.612861+00:00", "updated": "2026-04-28T23:45:16.055244+00:00", "vendors": ["linux", "linux$PRODUCT$linux_kernel"], "weaknesses": ["CWE-129"]}