Linux Kernel I2C Driver Soft Lockup Vulnerability

A soft lockup vulnerability has been identified in the Linux kernel's I2C driver for the NPCM platform. This issue arises when the BMC machine reboots during an I2C transmission, leaving the I2C module in a state that is not reset. As a result, the I2C interrupt handler is continuously triggered, causing a soft lockup condition. The vulnerability has been addressed by disabling the interrupt enable bit in the I2C module before requesting an interrupt, ensuring that the I2C status is properly managed.

Impact

Exploitation of this vulnerability leads to a soft lockup, where a CPU is stuck for an extended period, causing kernel panic and disrupting normal system operations.

Reproduction

The vulnerability can be reproduced by initiating an I2C transmission and then causing the BMC machine to perform a warm reboot. This sequence leaves the I2C module's status unchanged, allowing the I2C interrupt handler to be triggered repeatedly. The soft lockup watchdog timer eventually intervenes, but the underlying issue persists.

Remediation

The vulnerability has been fixed in the Linux kernel by modifying the I2C module to disable the interrupt enable bit before calling the 'devm_request_irq' function. Users should upgrade to the latest version of the Linux kernel where this fix is applied.