Bug 2390395 (CVE-2025-38671) - CVE-2025-38671 kernel: i2c: qup: jump out of the loop in case of timeout
Summary: CVE-2025-38671 kernel: i2c: qup: jump out of the loop in case of timeout
Keywords:
Status: NEW
Alias: CVE-2025-38671
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
low
low
Target Milestone: ---
Assignee: Product Security DevOps Team
QA Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2025-08-22 17:04 UTC by OSIDB Bzimport
Modified: 2025-08-25 05:13 UTC (History)
0 users

Fixed In Version:
Clone Of:
Environment:
Last Closed:
Embargoed:


Attachments (Terms of Use)

Description OSIDB Bzimport 2025-08-22 17:04:41 UTC
In the Linux kernel, the following vulnerability has been resolved:

i2c: qup: jump out of the loop in case of timeout

Original logic only sets the return value but doesn't jump out of the
loop if the bus is kept active by a client. This is not expected. A
malicious or buggy i2c client can hang the kernel in this case and
should be avoided. This is observed during a long time test with a
PCA953x GPIO extender.

Fix it by changing the logic to not only sets the return value, but also
jumps out of the loop and return to the caller with -ETIMEDOUT.


Note You need to log in before you can comment on or make changes to this bug.