Description
In the Linux kernel, the following vulnerability has been resolved:

i2c: imx: fix clock and pinctrl state inconsistency in runtime PM

In i2c_imx_runtime_suspend(), the clock is disabled before switching
the pinctrl state to sleep. If pinctrl_pm_select_sleep_state() fails,
the runtime suspend is aborted but the clock remains disabled, causing
a system crash when the hardware is subsequently accessed.

Fix this by switching the pinctrl state before disabling the clock so
that a pinctrl failure leaves the clock enabled and the hardware
accessible.

In i2c_imx_runtime_resume(), restore the pinctrl state back to sleep
if clk_enable() fails to keep the state consistent.
Published: 2026-07-01
Score: n/a
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

In i2c_imx_runtime_suspend(), the driver disabled the clock before switching the pinctrl state to sleep. If pinctrl_pm_select_sleep_state() failed, the routine aborted the suspend but left the clock disabled, causing subsequent hardware access to trigger a kernel panic. The patch reverses the order of the two operations so that a pinctrl failure leaves the clock enabled and the hardware accessible. In i2c_imx_runtime_resume(), a clk_enable() failure now switches the pinctrl state back to sleep, keeping the clock and pinctrl states consistent. The flaw leads directly to a system crash when the device is accessed after a failed suspend or resume cycle.
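
The ordering problem described above, as an added userspace C model (not the driver's code and not the upstream patch). The struct and function names are assumptions made for illustration, and the stubs only track the clock and pin states so the error paths can be observed with an injected failure.

```c
/* Added userspace model, not kernel code: every name below is a local stub. */
#include <stdbool.h>
#include <stdio.h>

struct i2c_model {
    bool clk_on, pins_sleep;    /* clock gate; pins in sleep state */
    int pinctrl_err, clk_err;   /* injected errors (0 = success) */
};

static int pins_select_sleep(struct i2c_model *m)
{
    if (!m->pinctrl_err)
        m->pins_sleep = true;
    return m->pinctrl_err;
}

/* Pre-fix order: the clock is already off when the pinctrl error aborts suspend. */
int suspend_before_fix(struct i2c_model *m)
{
    m->clk_on = false;
    return pins_select_sleep(m);
}

/* Post-fix order: a pinctrl error returns before the clock is touched. */
int suspend_after_fix(struct i2c_model *m)
{
    int ret = pins_select_sleep(m);
    if (!ret)
        m->clk_on = false;
    return ret;
}

/* Post-fix resume: a clock-enable error puts the pins back to sleep. */
int resume_after_fix(struct i2c_model *m)
{
    m->pins_sleep = false;      /* assumed: default pin state is selected first */
    if (m->clk_err)
        m->pins_sleep = true;   /* rollback keeps the suspended state consistent */
    else
        m->clk_on = true;
    return m->clk_err;
}

int main(void)
{
    /* Constructed scenario: active device, pinctrl switch fails with -5. */
    struct i2c_model old = { .clk_on = true, .pinctrl_err = -5 }, fix = old;
    int r_old = suspend_before_fix(&old), r_fix = suspend_after_fix(&fix);
    printf("ret %d/%d, clk_on before fix=%d, after fix=%d\n", r_old, r_fix, old.clk_on, fix.clk_on);
    return 0;
}
```

In the pre-fix model the suspend reports failure, so the device is still treated as active, yet its clock is off; that mismatch is the state the description ties to the crash on the next hardware access.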

Affected Systems

All Linux kernel builds that include the i2c_imx driver on i.MX SoCs are affected. The flaw exists in the generic i2c_imx code that is part of the mainline kernel, so any kernel whose copy of the driver does not include the relevant patch can experience the issue.

Risk and Exploitability

The CVSS score is not provided and EPSS is unavailable, so quantitative risk is unknown. The vulnerability is not listed in CISA KEV. The likely attack vector requires a local attacker or a privileged process that can trigger a runtime suspend or resume cycle on an i.MX device. By causing the pinctrl failure path, the attacker can induce a system crash or reboot, providing a denial of service.

Generated by OpenCVE AI on July 1, 2026 at 18:22 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply a kernel update that includes the patch to reorder clock and pin control operations.
  • Temporarily disable or mask the affected I2C devices in the device tree or kernel configuration to prevent their use during suspend/resume until the patch is applied.
  • After applying the patch, reboot the system to ensure the new ordering takes effect and monitor the logs for residual errors.

Advisories

No advisories yet.

History

Wed, 01 Jul 2026 18:45:00 +0000

Values Added (no values removed):

  • Weaknesses: CWE-391, CWE-395

Wed, 01 Jul 2026 13:45:00 +0000

Values Added (no values removed):

  • Description: In the Linux kernel, the following vulnerability has been resolved: i2c: imx: fix clock and pinctrl state inconsistency in runtime PM In i2c_imx_runtime_suspend(), the clock is disabled before switching the pinctrl state to sleep. If pinctrl_pm_select_sleep_state() fails, the runtime suspend is aborted but the clock remains disabled, causing a system crash when the hardware is subsequently accessed. Fix this by switching the pinctrl state before disabling the clock so that a pinctrl failure leaves the clock enabled and the hardware accessible. In i2c_imx_runtime_resume(), restore the pinctrl state back to sleep if clk_enable() fails to keep the state consistent.
  • Title: i2c: imx: fix clock and pinctrl state inconsistency in runtime PM
  • First Time appeared: Linux; Linux linux Kernel
  • CPEs: cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
  • Vendors & Products: Linux; Linux linux Kernel
References

MITRE

Status: PUBLISHED

Assigner: Linux

Published:

Updated: 2026-07-01T13:32:22.276Z

Reserved: 2026-06-09T07:44:35.399Z

Link: CVE-2026-53340

Vulnrichment

No data.

NVD

No data.

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-07-01T18:30:15Z

Weaknesses
  • CWE-391

    Unchecked Error Condition

  • CWE-395

    Use of NullPointerException Catch to Detect NULL Pointer Dereference