Linux Kernel i2c IMX Block Length Handler Endless Loop Buffer Overrun
CVE-2026-23197 Published on February 14, 2026
i2c: imx: preserve error state in block data length handler
In the Linux kernel, the following vulnerability has been resolved:
i2c: imx: preserve error state in block data length handler
When a block read returns an invalid length, zero or >I2C_SMBUS_BLOCK_MAX,
the length handler sets the state to IMX_I2C_STATE_FAILED. However,
i2c_imx_master_isr() unconditionally overwrites this with
IMX_I2C_STATE_READ_CONTINUE, causing an endless read loop that overruns
buffers and crashes the system.
Guard the state transition to preserve error states set by the length
handler.
Products Associated with CVE-2026-23197
You can be notified by email with stack.watch whenever vulnerabilities like CVE-2026-23197 are published in Linux Kernel:
Affected Versions
Linux:- Version 5f5c2d4579ca6836f5604cca979debd68ecfe23f and below 3f9b508b3eecc00a243edf320bd83834d6a9b482 is affected.
- Version 5f5c2d4579ca6836f5604cca979debd68ecfe23f and below b126097b0327437048bd045a0e4d273dea2910dd is affected.
- Version 6.13 is affected.
- Before 6.13 is unaffected.
- Version 6.18.10, <= 6.18.* is unaffected.
- Version 6.19, <= * is unaffected.
Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.