CVE-2025-38671

Source
https://cve.org/CVERecord?id=CVE-2025-38671
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-38671.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2025-38671
Published
2025-08-22T16:03:02.151Z
Modified
2026-03-12T02:15:41.132257Z
Summary
i2c: qup: jump out of the loop in case of timeout
Details

In the Linux kernel, the following vulnerability has been resolved:

i2c: qup: jump out of the loop in case of timeout

Original logic only sets the return value but doesn't jump out of the loop if the bus is kept active by a client. This is not expected. A malicious or buggy i2c client can hang the kernel in this case and should be avoided. This is observed during a long time test with a PCA953x GPIO extender.

Fix it by changing the logic to not only set the return value, but also jump out of the loop and return to the caller with -ETIMEDOUT.

Database specific
{
    "cna_assigner": "Linux",
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/38xxx/CVE-2025-38671.json"
}
Affected packages

Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

Affected ranges

Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
fbfab1ab065879370541caf0e514987368eb41b2
Fixed
cbec4406998185e0311ae97dfacc649f9cd79b0b
Fixed
acfa2948be630ad857535cb36153697f3cbf9ca9
Fixed
d05ec13aa3eb868a60dc961b489053a643863ddc
Fixed
c523bfba46c4b4d7676fb050909533a766698ecd
Fixed
0d33913fce67a93c1eb83396c3c9d6b411dcab33
Fixed
42c4471b30fa203249f476dd42321cd7efb7f6a8
Fixed
89459f168b78e5c801dc8b7ad037b62898bc4f57
Fixed
a7982a14b3012527a9583d12525cd0dc9f8d8934

Database specific

source
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-38671.json"