CVE-2025-38671
Published: Aug 22, 2025
Modified: May 11, 2026
Description
In the Linux kernel, the following vulnerability has been resolved:

i2c: qup: jump out of the loop in case of timeout

Original logic only sets the return value but doesn't jump out of the loop if the bus is kept active by a client. This is not expected. A malicious or buggy i2c client can hang the kernel in this case and should be avoided. This is observed during a long time test with a PCA953x GPIO extender.

Fix it by changing the logic to not only set the return value, but also jump out of the loop and return to the caller with -ETIMEDOUT.
| Vendor | Product | Versions |
|---|---|---|
| Linux | Linux | affected fbfab1ab065879370541caf0e514987368eb41b2 - < cbec4406998185e0311ae97dfacc649f9cd79b0b; affected fbfab1ab065879370541caf0e514987368eb41b2 - < acfa2948be630ad857535cb36153697f3cbf9ca9; affected fbfab1ab065879370541caf0e514987368eb41b2 - < d05ec13aa3eb868a60dc961b489053a643863ddc; affected fbfab1ab065879370541caf0e514987368eb41b2 - < c523bfba46c4b4d7676fb050909533a766698ecd; affected fbfab1ab065879370541caf0e514987368eb41b2 - < 0d33913fce67a93c1eb83396c3c9d6b411dcab33; +3 more versions |
| Linux | Linux | affected 4.17; unaffected 0 - < 4.17; unaffected 5.4.297 - <= 5.4.*; unaffected 5.10.241 - <= 5.10.*; unaffected 5.15.190 - <= 5.15.*; +5 more versions |
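The loop pattern from the description, as an added user-space model (not the kernel driver's code): `fake_bus`, `bus_active`, `wait_idle_before` and `wait_idle_after` are hypothetical names, and the simulated client releases the bus after a fixed number of polls so that the "before" variant terminates here instead of hanging.

```c
#include <errno.h>
#include <stdio.h>

/* Constructed model; every name here is hypothetical, not kernel code. */
struct fake_bus {
    unsigned long now;        /* simulated clock, one tick per status read */
    unsigned long release_at; /* tick at which the client lets go of the bus */
    unsigned long polls;      /* number of status reads performed */
};

static int bus_active(struct fake_bus *b)
{
    b->polls++;
    return b->now++ < b->release_at;
}

/* Before: the timeout is recorded, but only the client can end the loop. */
static int wait_idle_before(struct fake_bus *b, unsigned long timeout)
{
    unsigned long deadline = b->now + timeout;
    int ret = 0;

    while (bus_active(b)) {
        if (b->now > deadline)
            ret = -ETIMEDOUT; /* no exit here: keeps polling */
    }
    return ret;
}

/* After: the timeout ends the wait and -ETIMEDOUT reaches the caller. */
static int wait_idle_after(struct fake_bus *b, unsigned long timeout)
{
    unsigned long deadline = b->now + timeout;

    while (bus_active(b)) {
        if (b->now > deadline)
            return -ETIMEDOUT;
    }
    return 0;
}

int main(void)
{
    struct fake_bus x = { 0, 100000, 0 }, y = { 0, 100000, 0 };
    int before = wait_idle_before(&x, 10);
    int after = wait_idle_after(&y, 10);

    printf("before: ret=%d after %lu polls\n", before, x.polls);
    printf("after:  ret=%d after %lu polls\n", after, y.polls);
    return 0;
}
```

With a client that never releases the bus, the "before" loop has no exit at all, which is the hang the description refers to; the "after" loop is bounded by the timeout regardless of client behaviour.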