CVE-2026-31729

HIGH EPSS 2.9%
Published May 1, 20262mo ago · Modified Jun 17, 20262w ago
7.8 CVSS 3.1
High
Find Similar
Published May 1, 2026 2mo ago
Last Modified Jun 17, 2026 2w ago

Description

In the Linux kernel, the following vulnerability has been resolved: usb: typec: ucsi: validate connector number in ucsi_notify_common() The connector number extracted from CCI via UCSI_CCI_CONNECTOR() is a 7-bit field (0-127) that is used to index into the connector array in ucsi_connector_change(). However, the array is only allocated for the number of connectors reported by the device (typically 2-4 entries). A malicious or malfunctioning device could report an out-of-range connector number in the CCI, causing an out-of-bounds array access in ucsi_connector_change(). Add a bounds check in ucsi_notify_common(), the central point where CCI is parsed after arriving from hardware, so that bogus connector numbers are rejected before they propagate further.

CVSS Details

Base Score
7.8
Exploitability
1.8
Impact
5.9
Vector string
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Attack Vector Local
Attack Complexity Low
Privileges Required Low
User Interaction None
Scope Unchanged
Confidentiality High
Integrity High
Availability High

Threat Intelligence

EPSS Exploit Probability
2.9% percentile
Exploit & Patch Status
No Known Exploit
Patch Available

Weaknesses 1

CWE-129

Affected Products 9

VendorProductVersionRange
linuxlinux_kernel*≥5.5  –  <6.12.81
linuxlinux_kernel*≥6.13  –  <6.18.22
linuxlinux_kernel*≥6.19  –  <6.19.12
linuxlinux_kernel7.0any
linuxlinux_kernel7.0any
linuxlinux_kernel7.0any
linuxlinux_kernel7.0any
linuxlinux_kernel7.0any
linuxlinux_kernel7.0any

References 4

  • git.kernel.org https://git.kernel.org/stable/c/98429e9ec89a5e3a204112dfaa2dbe6ca28493a0
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/d2d8c17ac01a1b1f638ea5d340a884ccc5015186
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/f4e608fe12b7ac6a4a57176ab0296bb5a110a078
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/f6dcbf2b024d55549959402f1db6c614e51d52cb
    Patch

Remediation

  • git.kernel.org https://git.kernel.org/stable/c/98429e9ec89a5e3a204112dfaa2dbe6ca28493a0
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/d2d8c17ac01a1b1f638ea5d340a884ccc5015186
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/f4e608fe12b7ac6a4a57176ab0296bb5a110a078
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/f6dcbf2b024d55549959402f1db6c614e51d52cb
    Patch