Description
In the Linux kernel, the following vulnerability has been resolved:

i2c: imx: preserve error state in block data length handler

When a block read returns an invalid length, zero or >I2C_SMBUS_BLOCK_MAX, the length handler sets the state to IMX_I2C_STATE_FAILED. However, i2c_imx_master_isr() unconditionally overwrites this with IMX_I2C_STATE_READ_CONTINUE, causing an endless read loop that overruns buffers and crashes the system.

Guard the state transition to preserve error states set by the length handler.
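The state overwrite described above, reduced to a user-space C model (an added example, not the driver's code or the upstream patch). The enum, struct and function names are hypothetical, the interrupt count is capped so the loop terminates, and out-of-bounds stores are counted rather than performed.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define I2C_SMBUS_BLOCK_MAX 32 /* value from the Linux uapi header */

/* Hypothetical names: a simplified model, not the driver's structures. */
enum state { ST_READ_BLOCK_LEN, ST_READ_CONTINUE, ST_DONE, ST_FAILED };
struct xfer {
    enum state state;
    uint8_t buf[I2C_SMBUS_BLOCK_MAX + 1]; /* length byte + data */
    size_t pos, len;
    size_t oob; /* stores that would have landed past buf */
};

/* Length handler: rejects zero and oversized block lengths. */
static void block_len_handler(struct xfer *x, uint8_t len) {
    if (len == 0 || len > I2C_SMBUS_BLOCK_MAX) { x->state = ST_FAILED; return; }
    x->len = (size_t)len + 1;
    x->buf[x->pos++] = len;
}

/* One interrupt. guarded == 0 models the unconditional overwrite. */
static void isr(struct xfer *x, uint8_t byte, int guarded) {
    switch (x->state) {
    case ST_READ_BLOCK_LEN:
        block_len_handler(x, byte);
        if (!guarded || x->state != ST_FAILED) /* the guard keeps FAILED */
            x->state = ST_READ_CONTINUE;
        break;
    case ST_READ_CONTINUE:
        if (x->pos < sizeof(x->buf)) x->buf[x->pos] = byte;
        else x->oob++; /* counted here, never actually written */
        if (++x->pos == x->len) x->state = ST_DONE;
        break;
    default: break; /* DONE and FAILED consume nothing further */
    }
}

/* Feed a constructed byte stream: the length byte, then 0xAA filler. */
static struct xfer simulate(uint8_t len_byte, int guarded, size_t irqs) {
    struct xfer x = { .state = ST_READ_BLOCK_LEN };
    for (size_t i = 0; i < irqs; i++)
        isr(&x, i == 0 ? len_byte : 0xAA, guarded);
    return x;
}

int main(void) {
    printf("oob stores: unguarded=%zu guarded=%zu\n",
           simulate(0, 0, 100).oob, simulate(0, 1, 100).oob);
    return 0;
}
```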
Product status
5f5c2d4579ca6836f5604cca979debd68ecfe23f (git) before 3f9b508b3eecc00a243edf320bd83834d6a9b482
5f5c2d4579ca6836f5604cca979debd68ecfe23f (git) before b126097b0327437048bd045a0e4d273dea2910dd
6.13
Any version before 6.13
6.18.10 (semver)
6.19 (original_commit_for_fix)
References
git.kernel.org/...c/3f9b508b3eecc00a243edf320bd83834d6a9b482
git.kernel.org/...c/b126097b0327437048bd045a0e4d273dea2910dd