CVE-2026-23197

Severity: 5.5 MEDIUM
EPSS: 0.0% (top 96.16%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Feb 14

Description

In the Linux kernel, the following vulnerability has been resolved:

i2c: imx: preserve error state in block data length handler

When a block read returns an invalid length, zero or >I2C_SMBUS_BLOCK_MAX, the length handler sets the state to IMX_I2C_STATE_FAILED. However, i2c_imx_master_isr() unconditionally overwrites this with IMX_I2C_STATE_READ_CONTINUE, causing an endless read loop that overruns buffers and crashes the system.

Guard the state transition to preserve error states set by the l

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Exploitability: 1.8 | Impact: 3.6

Affected Packages (3 packages)

NVD: linux/linux_kernel 6.13, 6.18.10 (+1)
CVEListV5: linux/linux 5f5c2d4579ca6836f5604cca979debd68ecfe23f, 3f9b508b3eecc00a243edf320bd83834d6a9b482 (+2)
Debian: linux < 6.18.10-1

Patches

Vulnerability Details (3)

OSV
CVE-2026-23197: In the Linux kernel, the following vulnerability has been resolved: i2c: imx: preserve error state in block data length handler When a block read retu (2026-02-14)
GHSA
GHSA-hp2v-w3xq-4jvv: In the Linux kernel, the following vulnerability has been resolved: i2c: imx: preserve error state in block data length handler When a block read re (2026-02-14)
CVEList
i2c: imx: preserve error state in block data length handler (2026-02-14)

Vendor Advisories (2)

Red Hat
kernel: Linux kernel i2c-imx driver: Denial of Service via invalid I2C block data length handling (2026-02-14)
Debian
CVE-2026-23197: linux - In the Linux kernel, the following vulnerability has been resolved: i2c: imx: p... 2026

Threat Intelligence (1)
Wiz
CVE-2026-23197 Impact, Exploitability, and Mitigation Steps | Wiz
CVE-2026-23197 (MEDIUM CVSS 5.5) | In the Linux kernel | cvebase.io