Linux kernel
cpe:2.3:a:linux:linux_kernel:*:*:*:*:*:*:*, +4 more
- >= 4.17, < 4.17.0-rc1
A vulnerability in the Linux kernel's I2C QUP driver can cause the kernel to hang if an I2C client keeps the bus active, so that the driver's wait loop runs into a timeout without ever terminating. The original code only updated the return value on timeout without exiting the loop, allowing a malicious or faulty I2C client to create a deadlock. This issue was identified during extended testing with a PCA953x GPIO extender. The vulnerability affects several versions of the Linux kernel.
Exploitation of this vulnerability can lead to a kernel hang, causing a denial of service condition.
The vulnerability can be triggered by a malicious or buggy I2C client that keeps the bus active, which prevents the I2C QUP driver from exiting its wait loop and causes the kernel to hang. This scenario was observed during long-term testing with a PCA953x GPIO extender.
Users can upgrade to a version of the Linux kernel in which this vulnerability has been addressed. Instructions for downloading the patched version are available on the official Linux kernel website.