CVE-2026-23197
MEDIUM EPSS 1.1%
Published Feb 14, 2026 (4mo ago) · Modified Jun 17, 2026 (2w ago)
5.5 CVSS 3.1
Description
In the Linux kernel, the following vulnerability has been resolved:

i2c: imx: preserve error state in block data length handler

When a block read returns an invalid length, zero or >I2C_SMBUS_BLOCK_MAX, the length handler sets the state to IMX_I2C_STATE_FAILED. However, i2c_imx_master_isr() unconditionally overwrites this with IMX_I2C_STATE_READ_CONTINUE, causing an endless read loop that overruns buffers and crashes the system.

Guard the state transition to preserve error states set by the length handler.
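A simplified user-space model of the state handling described above, added here as an example; it is not the driver's code or the upstream patch. Only IMX_I2C_STATE_FAILED, IMX_I2C_STATE_READ_CONTINUE, I2C_SMBUS_BLOCK_MAX and the roles of the ISR and the length handler come from the description; the `model_*` names, the other two states, the buffer size and the `guarded` switch are assumptions.

```c
#include <stddef.h>
#include <stdint.h>
#define I2C_SMBUS_BLOCK_MAX 32 /* as in <linux/i2c.h> */

/* FAILED and READ_CONTINUE are named in the description; MODEL_* states are assumed. */
enum model_state { MODEL_STATE_READ_LEN, IMX_I2C_STATE_READ_CONTINUE,
                   IMX_I2C_STATE_FAILED, MODEL_STATE_DONE };
struct model_xfer {
    enum model_state state;
    uint8_t buf[I2C_SMBUS_BLOCK_MAX + 2]; /* assumed buffer size */
    size_t len;     /* accepted block length, 0 until validated */
    size_t pos;     /* data bytes consumed so far */
    size_t overrun; /* writes that would land past buf (counted, never performed) */
};

/* Length handler: zero or > I2C_SMBUS_BLOCK_MAX marks the transfer failed. */
static void model_len_handler(struct model_xfer *x, uint8_t len)
{
    if (len == 0 || len > I2C_SMBUS_BLOCK_MAX)
        x->state = IMX_I2C_STATE_FAILED;
    else
        x->len = len;
}

/* One interrupt. guarded == 0: unconditional overwrite; 1: error state preserved. */
static void model_isr(struct model_xfer *x, uint8_t byte, int guarded)
{
    if (x->state == MODEL_STATE_READ_LEN) {
        model_len_handler(x, byte);
        if (!guarded || x->state == MODEL_STATE_READ_LEN)
            x->state = IMX_I2C_STATE_READ_CONTINUE;
    } else if (x->state == IMX_I2C_STATE_READ_CONTINUE) {
        if (x->pos < sizeof(x->buf))
            x->buf[x->pos] = byte;
        else
            x->overrun++;
        if (++x->pos == x->len)
            x->state = MODEL_STATE_DONE;
    }
}

/* Deliver the length byte, then up to irqs data interrupts (constructed input). */
static struct model_xfer model_run(uint8_t len, size_t irqs, int guarded)
{
    struct model_xfer x = { .state = MODEL_STATE_READ_LEN };
    model_isr(&x, len, guarded);
    for (size_t i = 0; i < irqs && x.state == IMX_I2C_STATE_READ_CONTINUE; i++)
        model_isr(&x, 0xAA, guarded);
    return x;
}
```

With a length byte of 0 and `guarded` set to 0, `model_run` keeps consuming bytes until the interrupt budget runs out; with `guarded` set to 1 the transfer stops in IMX_I2C_STATE_FAILED before any data byte is read.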
CVSS Details
Base Score
Exploitability
Impact
Vector string: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Attack Vector: Local
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged
Confidentiality: None
Integrity: None
Availability: High
Threat Intelligence
EPSS Exploit Probability
1.1% percentile
Exploit & Patch Status
No Known Exploit
Patch Available
Weaknesses 1
CWE-476 NULL Pointer Dereference Memory Safety
Affected Products 9
References 2
- git.kernel.org https://git.kernel.org/stable/c/3f9b508b3eecc00a243edf320bd83834d6a9b482
- git.kernel.org https://git.kernel.org/stable/c/b126097b0327437048bd045a0e4d273dea2910dd
Remediation
- git.kernel.org https://git.kernel.org/stable/c/3f9b508b3eecc00a243edf320bd83834d6a9b482
- git.kernel.org https://git.kernel.org/stable/c/b126097b0327437048bd045a0e4d273dea2910dd