VYPR
← All advisories
Unrated severityNVD Advisory· Published Dec 30, 2025· Updated Apr 15, 2026

CVE-2023-54175

CVE-2023-54175

Description

In the Linux kernel, the following vulnerability has been resolved:

i2c: xiic: xiic_xfer(): Fix runtime PM leak on error path

The xiic_xfer() function gets a runtime PM reference when the function is entered. This reference is released when the function is exited. There is currently one error path where the function exits directly, which leads to a leak of the runtime PM reference.

Make sure that this error path also releases the runtime PM reference.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

The xiic_xfer() function in the Linux kernel's I2C XIIC driver leaks a runtime PM reference on one error path, requiring a fix to properly release the reference.

Vulnerability

Overview

In the Linux kernel, the I2C XIIC driver's xiic_xfer() function acquires a runtime power management (PM) reference upon entry. The reference is normally released when the function exits. However, one specific error path in xiic_xfer() returns directly without releasing the PM reference, causing a resource leak [1].

Exploitation and

Impact

This vulnerability affects systems using the I2C XIIC driver, typically embedded platforms where runtime PM is used to manage power consumption. An attacker could potentially trigger this error path repeatedly, leading to exhaustion of runtime PM references. Over time, this could prevent the device from entering low-power states or cause instability, though the impact is primarily resource depletion rather than code execution [2].

Mitigation

The fix ensures that all error paths in xiic_xfer() properly release the runtime PM reference. The patch has been applied to the Linux kernel stable tree and is available in multiple stable versions [3]. Users should update to a patched kernel version to avoid the leak.

References
  1. Making sure you're not a bot!
  2. Making sure you're not a bot!
  3. Making sure you're not a bot!

AI Insight generated on May 19, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

1

Patches

6
2d320d9de7d3
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.gitvia osv
commit
72cb227a368c
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.gitvia osv
commit
06e661a25997
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.gitvia osv
commit
6027d84c073e
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.gitvia osv
commit
688fdfc458bf
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.gitvia osv
commit
d663d93bb47e
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.gitvia osv
commit

Vulnerability mechanics

Generated on May 9, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.

References

6

News mentions

0

No linked articles in our index yet.