Cyber Resilience

CVE-2026-31627

Severity: High · Status: Updated

Published: 24 April 2026
Modified: 01 June 2026
KEV Added: not listed
Patch: available
CVSS Score (v3.1): 7.8, vector CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS Score: 0.0001 (3.0th percentile)
Risk Priority: 16 (weighted 60% EPSS, 20% KEV, 20% CVSS)

Summary

CVE-2026-31627 is a high-severity vulnerability of unspecified weakness type in the Linux kernel (vendor: Linux). Its CVSS base score is 7.8 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Privilege Escalation (T1068). EPSS ranks it at the 3.0th percentile by exploit likelihood (below the median), and it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).

Deeper analysis

CVE-2026-31627 is a vulnerability in the Linux kernel's i2c-s3c24xx driver, which handles I2C operations for Samsung S3C24xx platforms. The driver failed to validate the size byte of an I2C SMBUS message before processing it, so a message size outside the valid range of 0 to I2C_SMBUS_BLOCK_MAX could be used as-is. The fix mirrors an earlier one in the i2c-tegra driver (commit a6e04f05ce0b), which highlights inconsistent bounds checking across I2C drivers.

A local attacker with low privileges (PR:L) can exploit this vulnerability with low attack complexity (AC:L) and no user interaction (UI:N). Successful exploitation has high impact on confidentiality, integrity, and availability (C:H/I:H/A:H), as reflected in the CVSS v3.1 base score of 7.8 (AV:L/AC:L/PR:L/UI:N/S:U). Scope is unchanged (S:U); the likely outcomes are kernel-level disruption such as memory corruption or denial of service.

Mitigation involves applying the relevant stable kernel patches referenced in the advisory, including commits 377fae22a137b6b89f3f32399a58c52cf2325416, 71b3c316b22c555d2769126a92b1244b15a9750d, aaaaec39ddbcd06770dca7f1adebc3b1242ebe7b, c0128c7157d639a931353ea344fb44aad6d6e17a, and d87d5620125a03b1eadbd5df39748215d3db7ddb, available via git.kernel.org. These commits explicitly add the size validation logic to resolve the issue.

EU & UK References

Vulnerability details

In the Linux kernel, the following vulnerability has been resolved:

i2c: s3c24xx: check the size of the SMBUS message before using it

The first byte of an i2c SMBUS message is the size, and it should be verified to ensure that it is in the range of 0..I2C_SMBUS_BLOCK_MAX before processing it. This is the same logic that was added in commit a6e04f05ce0b ("i2c: tegra: check msg length in SMBUS block read") to the i2c tegra driver.
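The check the description calls for, shown as an added example in C that is not the driver's or the kernel's code: a model of an SMBus block read that validates the count byte against I2C_SMBUS_BLOCK_MAX (32 in the kernel's uapi header) before any payload byte is touched, and that also rejects a frame shorter than its count claims. The struct, function names and sample frames are constructed for illustration.

```c
#include <errno.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Same value as I2C_SMBUS_BLOCK_MAX in include/uapi/linux/i2c.h. */
#define I2C_SMBUS_BLOCK_MAX 32

/* Illustrative (constructed) model of an SMBus block buffer:
 * byte 0 is the count, bytes 1..count are payload,
 * so the buffer holds I2C_SMBUS_BLOCK_MAX + 1 bytes. */
struct smbus_block {
    uint8_t data[I2C_SMBUS_BLOCK_MAX + 1];
};

/* The bounds check itself: 0 if count is in 0..I2C_SMBUS_BLOCK_MAX,
 * -EINVAL otherwise. count is unsigned, so only the upper bound matters. */
int smbus_block_len_check(uint8_t count)
{
    return count > I2C_SMBUS_BLOCK_MAX ? -EINVAL : 0;
}

/* Copy a block message from raw wire bytes into *out.
 * Returns the number of payload bytes, -EINVAL for an out-of-range
 * count byte, or -EPROTO when the frame is shorter than it claims. */
int smbus_block_read(const uint8_t *wire, size_t wire_len,
                     struct smbus_block *out)
{
    if (wire_len < 1)
        return -EPROTO;                 /* no count byte at all */

    uint8_t count = wire[0];
    int rc = smbus_block_len_check(count);
    if (rc)
        return rc;                      /* the check the fix adds */

    if (wire_len < (size_t)count + 1)
        return -EPROTO;                 /* truncated frame */

    memset(out->data, 0, sizeof out->data);
    memcpy(out->data, wire, (size_t)count + 1);  /* bounded by the check */
    return count;
}

/* Constructed sample frames (not captured from hardware). */
static const uint8_t sample_valid[]    = {4, 0xde, 0xad, 0xbe, 0xef};
static const uint8_t sample_oversize[] = {0xff, 0x01};   /* count 255 > 32 */
static const uint8_t sample_short[]    = {8, 0x01, 0x02}; /* claims 8, has 2 */

int check_valid(void)
{
    struct smbus_block b;
    return smbus_block_read(sample_valid, sizeof sample_valid, &b);
}

/* Returns the last payload byte of the valid frame (0xef) on success. */
int check_valid_payload(void)
{
    struct smbus_block b;
    if (smbus_block_read(sample_valid, sizeof sample_valid, &b) != 4)
        return -1;
    return b.data[4];
}

int check_oversize(void)
{
    struct smbus_block b;
    return smbus_block_read(sample_oversize, sizeof sample_oversize, &b);
}

int check_short(void)
{
    struct smbus_block b;
    return smbus_block_read(sample_short, sizeof sample_short, &b);
}

/* A frame at exactly the maximum count must still be accepted. */
int check_max(void)
{
    uint8_t wire[I2C_SMBUS_BLOCK_MAX + 1];
    struct smbus_block b;
    wire[0] = I2C_SMBUS_BLOCK_MAX;
    for (size_t i = 1; i < sizeof wire; i++)
        wire[i] = (uint8_t)i;
    return smbus_block_read(wire, sizeof wire, &b);
}

int main(void)
{
    printf("valid: %d  oversize: %d  short: %d  max: %d\n",
           check_valid(), check_oversize(), check_short(), check_max());
    return 0;
}
```

The count byte comes from the device, so the driver must treat it as untrusted input; the check makes the subsequent copy bounded by the destination size regardless of what the bus returns.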

CWE(s)

Related Threats

MITRE ATT&CK Enterprise Techniques (AI)

T1068 Exploitation for Privilege Escalation (tactic: Privilege Escalation)
Adversaries may exploit software vulnerabilities in an attempt to elevate privileges.
T1499.004 Application or System Exploitation (tactic: Impact)
Adversaries may exploit software vulnerabilities that can cause an application or system to crash and deny availability to users.
Why these techniques?

Local kernel driver memory corruption (missing bounds check on I2C SMBUS size) with low-priv attacker and high C/I/A impact directly enables T1068 (Exploitation for Privilege Escalation) and T1499.004 (Endpoint DoS via Application/System Exploitation).

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

CVEs Like This One

CVE-2026-31558 (same product: Linux Linux Kernel)
CVE-2025-21680 (same product: Linux Linux Kernel)
CVE-2026-31419 (same product: Linux Linux Kernel)
CVE-2026-23350 (same product: Linux Linux Kernel)
CVE-2025-21647 (same product: Linux Linux Kernel)
CVE-2025-21791 (same product: Linux Linux Kernel)
CVE-2026-31502 (same product: Linux Linux Kernel)
CVE-2025-21883 (same product: Linux Linux Kernel)
CVE-2026-31548 (same product: Linux Linux Kernel)
CVE-2026-31485 (same product: Linux Linux Kernel)

Affected Assets

Vendor: linux
Product: linux kernel
Affected versions: 3.10; 3.10.1 to 6.6.136; 6.7 to 6.12.83; 6.13 to 6.18.24

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) (AI)

Prevent: SI-10 (Information Input Validation)

Directly requires validation of the SMBUS message size byte to ensure it falls within 0 to I2C_SMBUS_BLOCK_MAX before processing, addressing the core bounds-checking failure in the i2c-s3c24xx driver.

Prevent: SI-2 (Flaw Remediation)

Mandates timely identification, reporting, and application of kernel patches such as commit 377fae22a137b6b89f3f32399a58c52cf2325416 and the other stable backports listed above, which add the missing size validation.

Detect

Vulnerability scanning detects kernel driver flaws like CVE-2026-31627 in the i2c-s3c24xx module, enabling prompt remediation.

References