CVE-2026-53340

i2c_imx Runtime PM Clock and Pinctrl State Inconsistency


Publication date: 2026-07-01

Last updated on: 2026-07-01

Assigner: kernel.org

Description

In the Linux kernel, the following vulnerability has been resolved:

i2c: imx: fix clock and pinctrl state inconsistency in runtime PM

In i2c_imx_runtime_suspend(), the clock is disabled before switching the pinctrl state to sleep. If pinctrl_pm_select_sleep_state() fails, the runtime suspend is aborted but the clock remains disabled, causing a system crash when the hardware is subsequently accessed.

Fix this by switching the pinctrl state before disabling the clock so that a pinctrl failure leaves the clock enabled and the hardware accessible.

In i2c_imx_runtime_resume(), restore the pinctrl state back to sleep if clk_enable() fails to keep the state consistent.
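
The ordering described above, modelled in userspace C as an added example (not the kernel driver's code or the upstream patch). The struct, the function names and the failure-injection flags are assumptions, as is resume selecting the default pin state before enabling the clock.

```c
#include <errno.h>
#include <stdbool.h>
/* Constructed model: fields stand in for the real clk and pinctrl state. */
struct i2c_model {
    bool clk_on, pins_sleep;       /* clock gate, pinctrl in sleep state */
    bool pinctrl_fails, clk_fails; /* failure injection for the two calls */
};

/* Stand-in for pinctrl_pm_select_sleep_state(). */
static int model_select_sleep(struct i2c_model *m)
{
    if (m->pinctrl_fails)
        return -EIO;
    m->pins_sleep = true;
    return 0;
}

/* Ordering before the fix: clock off first, then pinctrl. */
int suspend_before_fix(struct i2c_model *m)
{
    m->clk_on = false;
    return model_select_sleep(m); /* on failure the clock stays off */
}

/* Ordering after the fix: pinctrl first, clock off only on success. */
int suspend_after_fix(struct i2c_model *m)
{
    int ret = model_select_sleep(m);
    if (ret)
        return ret;               /* suspend aborted, clock still enabled */
    m->clk_on = false;
    return 0;
}

/* Resume after the fix: undo the pinctrl switch if clk_enable() fails. */
int resume_after_fix(struct i2c_model *m)
{
    m->pins_sleep = false;        /* assumed: default pin state selected first */
    if (m->clk_fails) {
        m->pins_sleep = true;     /* back to sleep, device stays suspended */
        return -EIO;
    }
    m->clk_on = true;
    return 0;
}

/* An aborted suspend leaves the device in use, so the clock must be running. */
bool state_consistent(const struct i2c_model *m, int suspend_ret)
{
    return suspend_ret ? m->clk_on : (!m->clk_on && m->pins_sleep);
}
```
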

Meta Information

Published: 2026-07-01
Last Modified: 2026-07-01
Generated: 2026-07-01
AI Q&A: 2026-07-01
EPSS Evaluated: N/A

Affected Vendors & Products

Showing 2 associated CPEs

Vendor         Product        Version / Range
linux          linux_kernel   *
linux_kernel   linux_kernel   *

Exploitability

CWE ID: CWE-UNKNOWN
Executive Summary

This vulnerability is in the runtime power management (PM) path of the Linux kernel's i2c driver for imx devices. During runtime suspend, i2c_imx_runtime_suspend() disables the clock before switching the pinctrl state to sleep. If pinctrl_pm_select_sleep_state() fails, the suspend is aborted but the clock remains disabled, and the system crashes when the hardware is accessed afterward.

The fix involves changing the order of operations: switching the pinctrl state before disabling the clock. This ensures that if the pinctrl state switch fails, the clock remains enabled and the hardware remains accessible, preventing the crash.

Impact Analysis

This vulnerability can cause a system crash when the hardware is accessed after a failed runtime suspend operation in the i2c imx driver. This can lead to system instability or downtime, potentially interrupting normal operations or causing data loss if the system crashes unexpectedly.

Mitigation Strategies

The vulnerability lies in how the Linux kernel's i2c imx driver handles clock and pinctrl state during runtime power management. To mitigate it, update your Linux kernel to a version that includes the fix, in which i2c_imx_runtime_suspend() switches the pinctrl state before disabling the clock and i2c_imx_runtime_resume() restores the pinctrl state to sleep if clk_enable() fails.

This update ensures that if pinctrl_pm_select_sleep_state() fails, the clock remains enabled, preventing system crashes when hardware is accessed.
