CVE-2026-53339
Received Received - Intake

NULL Pointer Dereference in Qualcomm CCI I2C Driver

Vulnerability report for CVE-2026-53339, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2026-07-01

Last updated on: 2026-07-01

Assigner: kernel.org

Description

In the Linux kernel, the following vulnerability has been resolved: i2c: qcom-cci: Fix NULL pointer dereference in cci_remove() On all modern platforms Qualcomm CCI controller provides two I2C masters, and on particular boards only one I2C master may be initialized, and in such cases the device unbinding or driver removal causes a NULL pointer dereference, because cci_halt() is called for all two I2C masters, but a completion is initialized only for the single enabled master: % rmmod i2c-qcom-cci Unable to handle kernel NULL pointer dereference at virtual address 0000000000000000 <snip> Call trace: __wait_for_common+0x194/0x1a8 (P) wait_for_completion_timeout+0x20/0x2c cci_remove+0xc4/0x138 [i2c_qcom_cci] platform_remove+0x20/0x30 device_remove+0x4c/0x80 device_release_driver_internal+0x1c8/0x224 driver_detach+0x50/0x98 bus_remove_driver+0x6c/0xbc driver_unregister+0x30/0x60 platform_driver_unregister+0x14/0x20 qcom_cci_driver_exit+0x18/0x1008 [i2c_qcom_cci] ....

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2026-07-01
Last Modified
2026-07-01
Generated
2026-07-01
AI Q&A
2026-07-01
EPSS Evaluated
N/A
NVD
EUVD

Affected Vendors & Products

Showing 1 associated CPE
Vendor Product Version / Range
qualcomm i2c_qcom_cci *

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-UNKNOWN

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Executive Summary

This vulnerability occurs in the Linux kernel's Qualcomm CCI I2C controller driver (i2c-qcom-cci). On some boards, only one I2C master is initialized, but the driver attempts to perform cleanup operations on two I2C masters during device removal. Specifically, the function cci_remove() calls cci_halt() for both I2C masters, but a completion object is only initialized for the single enabled master. This mismatch leads to a NULL pointer dereference when the driver tries to wait for a completion that does not exist, causing a kernel crash.

Impact Analysis

This vulnerability can cause a kernel NULL pointer dereference, leading to a system crash or kernel panic when the affected driver is removed or the device is unbound. This can result in denial of service, making the system unstable or unavailable until it is rebooted or the issue is resolved.

Detection Guidance

This vulnerability manifests as a NULL pointer dereference in the Linux kernel when the i2c-qcom-cci driver is removed or unbound. A key indicator is a kernel crash or oops message related to the i2c-qcom-cci module.

You can detect this issue by attempting to remove the i2c-qcom-cci module and observing if a kernel NULL pointer dereference occurs.

  • Run the command: rmmod i2c-qcom-cci
  • Check the kernel logs (e.g., dmesg) for messages indicating a NULL pointer dereference or kernel oops related to i2c_qcom_cci.
Mitigation Strategies

To mitigate this vulnerability, avoid removing or unbinding the i2c-qcom-cci driver on affected systems until a patched kernel version is applied.

Apply the vendor or Linux kernel update that includes the fix for the NULL pointer dereference in cci_remove().

Compliance Impact

The provided information does not include any details about the impact of this vulnerability on compliance with common standards and regulations such as GDPR or HIPAA.

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-53339. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart