SMBus Message Size Validation Vulnerability in Linux Kernel
CVE-2026-31627
Currently unrated
What is CVE-2026-31627?
A vulnerability in the Linux kernel's i2c subsystem exists due to improper validation of the size of SMBus messages. The first byte of an SMBus message indicates its size, and that value must be checked to fall within the permissible range of 0 to I2C_SMBUS_BLOCK_MAX. Without this check, processing the message could lead to unexpected behavior, potentially causing integrity and stability issues in systems that use the i2c subsystem.
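An added illustration of the length check described above, written as user-space C; it is not the kernel patch or any code from the Linux source. The helper name `smbus_payload_copy` and the sample messages are constructed for this example, and `I2C_SMBUS_BLOCK_MAX` is defined locally with the value it has in the Linux uapi header `<linux/i2c.h>`.

```c
#include <errno.h>
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Same value as I2C_SMBUS_BLOCK_MAX in the Linux uapi header <linux/i2c.h>. */
#define I2C_SMBUS_BLOCK_MAX 32

/*
 * Hypothetical helper (not kernel code): copy the payload of a message whose
 * first byte is its length. Returns the payload length, or a negative errno.
 */
int smbus_payload_copy(const uint8_t *msg, size_t msg_len,
                       uint8_t *out, size_t out_cap)
{
    size_t len;

    if (msg == NULL || out == NULL || msg_len < 1)
        return -EINVAL;            /* no length byte to read */

    len = msg[0];                  /* supplied by the device: untrusted */
    if (len > I2C_SMBUS_BLOCK_MAX)
        return -EPROTO;            /* outside 0..I2C_SMBUS_BLOCK_MAX */
    if (len > msg_len - 1)
        return -EMSGSIZE;          /* claims more bytes than were received */
    if (len > out_cap)
        return -ENOSPC;            /* caller's buffer is too small */

    memcpy(out, msg + 1, len);
    return (int)len;
}

int main(void)
{
    /* Constructed sample messages. */
    const uint8_t ok[]  = { 3, 0xAA, 0xBB, 0xCC };
    const uint8_t big[] = { 200, 0x01, 0x02 };
    uint8_t out[I2C_SMBUS_BLOCK_MAX];

    return (smbus_payload_copy(ok, sizeof(ok), out, sizeof(out)) == 3 &&
            smbus_payload_copy(big, sizeof(big), out, sizeof(out)) == -EPROTO)
               ? 0 : 1;
}
```

The size byte is unsigned, so the lower bound of 0 holds by type; the three comparisons cover the upper bound, a message shorter than it claims, and a destination smaller than the payload.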
Affected Version(s)
Linux 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2
Linux 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 < 377fae22a137b6b89f3f32399a58c52cf2325416
Linux 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 < 71b3c316b22c555d2769126a92b1244b15a9750d