Linux Kernel DesignWare I2C Clock Multiplication Overflow Vulnerability

Vulnerability

A vulnerability in the Linux kernel's DesignWare I2C driver can lead to a 32-bit integer overflow in clock multiplication calculations. This issue arises in the 'i2c_dw_scl_lcnt()' and 'i2c_dw_scl_hcnt()' functions, where the 'ic_clk' parameter, if larger than one million, can cause overflow when multiplied by 4700. The vulnerability has been addressed by adding a cast to 'u64' in the multiplication to prevent overflow and by using the appropriate define for division.

Impact

Exploitation of this vulnerability could lead to incorrect clock signal timing, potentially causing communication errors on the I2C bus.

Added: Jun 9, 2025, 7:46 PM

Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread

9.0

impact

2.5

exploitability

5.3

remediation

0.0

relevance

0.0

threat

3.2

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

9.0

impact

2.5

exploitability

5.3

remediation

0.0

relevance

0.0

threat

3.2

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Linux Kernel DesignWare I2C Clock Multiplication Overflow Vulnerability

Vulnerability

Impact

Affected Products

Linux kernel

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating