Linux Kernel i2c Designware Unexpected Interrupt Handling Vulnerability

A vulnerability in the Linux kernel's i2c designware driver can lead to a NULL pointer dereference when the system resumes from a deep sleep state (S3) on certain Gigabyte motherboards with Intel Alder Lake-S processors. This issue occurs because the i2c controller interrupts are not properly managed, causing the system to crash. The problem arises when the firmware leaves the i2c controller active without disabling it before the operating system takes control, leading to unexpected interrupts that the driver is not prepared to handle.

Impact

This vulnerability causes a system crash due to a NULL pointer dereference, disrupting normal operation and potentially leading to a denial of service.

Reproduction

The vulnerability can be reproduced by resuming a system from the S3 sleep state on a Gigabyte motherboard with an Intel Alder Lake-S processor. After the system resumes, the i2c designware driver will encounter an unexpected interrupt from the i2c controller, which is still active. This interrupt will not be properly handled by the driver, leading to a NULL pointer dereference and a system crash.

Remediation

Users can apply a UEFI update that is reported to fix this issue. Additionally, the Linux kernel has been patched to handle the interrupts correctly by introducing a new status flag that indicates when the controller is active from the driver's perspective. This patch is available in the Linux kernel stable tree.