Bug 2495956 (CVE-2026-53340) - CVE-2026-53340 kernel: i2c: imx: fix clock and pinctrl state inconsistency in runtime PM
Summary: CVE-2026-53340 kernel: i2c: imx: fix clock and pinctrl state inconsistency in...
Keywords:
Status: NEW
Alias: CVE-2026-53340
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
low
low
Target Milestone: ---
Assignee: Product Security
QA Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2026-07-01 14:03 UTC by OSIDB Bzimport
Modified: 2026-07-01 16:04 UTC (History)
2 users (show)

Fixed In Version:
Clone Of:
Environment:
Last Closed:
Embargoed:


Attachments (Terms of Use)

Description OSIDB Bzimport 2026-07-01 14:03:32 UTC
In the Linux kernel, the following vulnerability has been resolved:

i2c: imx: fix clock and pinctrl state inconsistency in runtime PM

In i2c_imx_runtime_suspend(), the clock is disabled before switching
the pinctrl state to sleep. If pinctrl_pm_select_sleep_state() fails,
the runtime suspend is aborted but the clock remains disabled, causing
a system crash when the hardware is subsequently accessed.

Fix this by switching the pinctrl state before disabling the clock so
that a pinctrl failure leaves the clock enabled and the hardware
accessible.

In i2c_imx_runtime_resume(), restore the pinctrl state back to sleep
if clk_enable() fails to keep the consistent.

Comment 1 Mauro Matteo Cascella 2026-07-01 15:56:04 UTC
Upstream advisory:
https://lore.kernel.org/linux-cve-announce/2026070144-CVE-2026-53340-a78c@gregkh/T


Note You need to log in before you can comment on or make changes to this bug.