Alpaquita LinuxStreamSecurity Advisory
Search Cve

CVE-2025-38671

Published: August 25, 2025Last modified: August 25, 2025

Description

In the Linux kernel, the following vulnerability has been resolved: i2c: qup: jump out of the loop in case of timeout Original logic only sets the return value but doesn't jump out of the loop if the bus is kept active by a client. This is not expected. A malicious or buggy i2c client can hang the kernel in this case and should be avoided. This is observed during a long time test with a PCA953x GPIO extender. Fix it by changing the logic to not only sets the return value, but also jumps out of the loop and return to the caller with -ETIMEDOUT.

Status

ProductReleasePackageStatus
Alpaquita Linux23 LTSlinux-ltsVulnerable (6.1.147-r0)
25 LTSlinux-ltsFixed (6.12.41-r0)
Streamlinux-ltsFixed (6.12.41-r0)

References

ON THIS PAGE