Acknowledged
Created: Aug 24, 2025
Updated: Aug 26, 2025
Found In Version: 10.23.30.1
Severity: Standard
Applicable for: Wind River Linux LTS 23
Component/s: Kernel
In the Linux kernel, the following vulnerability has been resolved:

i2c: qup: jump out of the loop in case of timeout

Original logic only sets the return value but doesn't jump out of the loop if the bus is kept active by a client. This is not expected. A malicious or buggy i2c client can hang the kernel in this case and should be avoided. This is observed during a long time test with a PCA953x GPIO extender.

Fix it by changing the logic to not only set the return value, but also jump out of the loop and return to the caller with -ETIMEDOUT.
CREATE(Triage):(User=pbi-cn) [CVE-2025-38671 (https://nvd.nist.gov/vuln/detail/CVE-2025-38671)]
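The control-flow defect named in the description, modelled in user space as an added example (it is not the driver's code and not part of the original record). `sim_bus`, `bus_active`, the tick-based timeout and the `cap` guard are assumptions made for the illustration.

```c
#include <errno.h>
#include <stdio.h>

/* Constructed stand-in for the controller's "bus active" status bit: the
 * simulated client keeps the bus busy for the first busy_polls reads. */
struct sim_bus { long busy_polls; long reads; };

static int bus_active(struct sim_bus *b) { return b->reads++ < b->busy_polls; }

/* Pre-fix pattern: a timeout only sets the return value, so polling goes on
 * for as long as the client holds the bus. cap is a harness guard that lets
 * the demo terminate; the modelled loop has no such limit. */
static int wait_idle_buggy(struct sim_bus *b, long timeout, long cap)
{
    int ret = 0;
    for (long tick = 0; tick < cap; tick++) {
        if (!bus_active(b))
            break;
        if (tick > timeout)
            ret = -ETIMEDOUT;      /* recorded, but the loop continues */
    }
    return ret;
}

/* Post-fix pattern: set the return value and leave the loop. */
static int wait_idle_fixed(struct sim_bus *b, long timeout)
{
    int ret = 0;
    for (long tick = 0; ; tick++) {
        if (!bus_active(b))
            break;
        if (tick > timeout) {
            ret = -ETIMEDOUT;
            break;                 /* bounded wait: return to the caller */
        }
    }
    return ret;
}

/* Status reads performed against a client that holds the bus for `busy` polls. */
static long polls_buggy(long busy, long timeout, long cap)
{ struct sim_bus b = { busy, 0 }; wait_idle_buggy(&b, timeout, cap); return b.reads; }
static long polls_fixed(long busy, long timeout)
{ struct sim_bus b = { busy, 0 }; wait_idle_fixed(&b, timeout); return b.reads; }

int main(void)
{
    printf("buggy: %ld polls, fixed: %ld polls\n",
           polls_buggy(1000000, 10, 50000), polls_fixed(1000000, 10));
    return 0;
}
```

In the buggy variant the number of polls is set by how long the client holds the bus, not by the timeout, which is why a client that never releases it stalls the caller.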