Unrated severityNVD Advisory· Published Feb 14, 2026
i2c: imx: preserve error state in block data length handler
CVE-2026-23197
Description
In the Linux kernel, the following vulnerability has been resolved:
i2c: imx: preserve error state in block data length handler
When a block read returns an invalid length, zero or >I2C_SMBUS_BLOCK_MAX, the length handler sets the state to IMX_I2C_STATE_FAILED. However, i2c_imx_master_isr() unconditionally overwrites this with IMX_I2C_STATE_READ_CONTINUE, causing an endless read loop that overruns buffers and crashes the system.
Guard the state transition to preserve error states set by the length handler.
Affected products
2Patches
Vulnerability mechanics
References
2News mentions
0No linked articles in our index yet.