CVE-2022-50370
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2025-09-17

Last updated on: 2025-12-11

Assigner: kernel.org

Description
In the Linux kernel, the following vulnerability has been resolved: i2c: designware: Fix handling of real but unexpected device interrupts Commit c7b79a752871 ("mfd: intel-lpss: Add Intel Alder Lake PCH-S PCI IDs") caused a regression on certain Gigabyte motherboards for Intel Alder Lake-S where system crashes to NULL pointer dereference in i2c_dw_xfer_msg() when system resumes from S3 sleep state ("deep"). I was able to debug the issue on Gigabyte Z690 AORUS ELITE and made following notes: - Issue happens when resuming from S3 but not when resuming from "s2idle" - PCI device 00:15.0 == i2c_designware.0 is already in D0 state when system enters into pci_pm_resume_noirq() while all other i2c_designware PCI devices are in D3. Devices were runtime suspended and in D3 prior entering into suspend - Interrupt comes after pci_pm_resume_noirq() when device interrupts are re-enabled - According to register dump the interrupt really comes from the i2c_designware.0. Controller is enabled, I2C target address register points to a one detectable I2C device address 0x60 and the DW_IC_RAW_INTR_STAT register START_DET, STOP_DET, ACTIVITY and TX_EMPTY bits are set indicating completed I2C transaction. My guess is that the firmware uses this controller to communicate with an on-board I2C device during resume but does not disable the controller before giving control to an operating system. I was told the UEFI update fixes this but never the less it revealed the driver is not ready to handle TX_EMPTY (or RX_FULL) interrupt when device is supposed to be idle and state variables are not set (especially the dev->msgs pointer which may point to NULL or stale old data). Introduce a new software status flag STATUS_ACTIVE indicating when the controller is active in driver point of view. Now treat all interrupts that occur when is not set as unexpected and mask all interrupts from the controller.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-09-17
Last Modified
2025-12-11
Generated
2026-05-07
AI Q&A
2025-09-17
EPSS Evaluated
2026-05-05
NVD
CVE-2022-50370
Affected Vendors & Products
Showing 3 associated CPEs
Vendor Product Version / Range
linux linux_kernel From 5.12 (inc) to 5.15.75 (exc)
linux linux_kernel From 5.16 (inc) to 5.19.17 (exc)
linux linux_kernel From 6.0 (inc) to 6.0.3 (exc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-476 The product dereferences a pointer that it expects to be valid but is NULL.
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?

This vulnerability is a flaw in the Linux kernel's i2c designware driver related to handling unexpected device interrupts. Specifically, after resuming from the S3 sleep state on certain Intel Alder Lake-S Gigabyte motherboards, the system can crash due to a NULL pointer dereference in the i2c_dw_xfer_msg() function. The issue arises because the driver does not properly handle interrupts (like TX_EMPTY) when the device is supposed to be idle, leading to the use of invalid or stale data pointers. The root cause is that the firmware uses the I2C controller during resume without disabling it before handing control to the OS, and the driver was not prepared for such interrupts in this state. The fix introduces a software status flag to track when the controller is active and masks unexpected interrupts when it is not.


How can this vulnerability impact me? :

This vulnerability can cause system crashes (NULL pointer dereference) when resuming from the S3 sleep state on affected hardware. This can lead to system instability, unexpected reboots, or data loss during resume operations, impacting system reliability and availability.


What immediate steps should I take to mitigate this vulnerability?

Immediate mitigation steps include updating the system firmware (UEFI) as the issue is reportedly fixed by a UEFI update. Additionally, ensure your Linux kernel includes the fix that introduces a software status flag STATUS_ACTIVE to properly handle unexpected interrupts from the i2c_designware controller during resume from S3 sleep state. Avoid resuming from S3 if possible until the fix is applied.


Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70
EPSS Chart