Impact
In i2c_imx_runtime_suspend(), the driver disabled the clock before switching the pinctrl state to sleep. If pinctrl_pm_select_sleep_state() fails, the routine aborted but left the clock disabled, causing subsequent hardware access to trigger a kernel panic. The patch reverses the operation order so that a pinctrl failure leaves the clock enabled, preventing the hardware from becoming unusable. During resume, a failure to enable the clock also restores the pinctrl state, keeping consistency. The flaw leads directly to a system crash when the device is accessed after a failed suspend or resume cycle.
Affected Systems
All Linux kernel builds that include the i2c_imx driver on i.MX SoCs are affected. The flaw exists in the generic i2c_imx code that is part of the mainline kernel. Therefore any kernel that has not merged the relevant patch in the included driver can experience the issue.
Risk and Exploitability
The CVSS score is not provided and EPSS is unavailable, so quantitative risk is unknown. The vulnerability is not listed in CISA KEV. The likely attack vector requires a local attacker or a privileged process that can trigger a runtime suspend or resume cycle on an i.MX device. By causing the pinctrl failure path, the attacker can induce a system crash or reboot, providing a denial of service.
OpenCVE Enrichment