CVE-2026-23197

N/A Unknown

📋 TL;DR

A race condition vulnerability in the Linux kernel's i2c-imx driver allows an endless read loop when handling invalid block data lengths. This can cause buffer overruns leading to system crashes or potential kernel memory corruption. Systems using affected Linux kernel versions with i2c-imx driver enabled are vulnerable.

💻 Affected Systems

Products:
  • Linux kernel
Versions: Specific affected versions not specified in CVE, but patches exist in stable branches
Operating Systems: Linux distributions using affected kernel versions
Default Config Vulnerable: ⚠️ Yes
Notes: Only vulnerable when the i2c-imx driver is enabled and used for block read operations.

⚠️ Manual Verification Required

This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.

Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).


Recommended Actions:
  1. Review the CVE details at NVD
  2. Check vendor security advisories for your specific version
  3. Test if the vulnerability is exploitable in your environment
  4. Consider updating to the latest version as a precaution

⚠️ Risk & Real-World Impact

🔴 Worst Case

Kernel panic, system crash, or potential kernel memory corruption leading to privilege escalation or denial of service.

🟠 Likely Case

System crash or kernel panic when processing malformed i2c block read operations.

🟢 If Mitigated

No impact if the i2c-imx driver is disabled or systems are not using i2c block read functionality.

🌐 Internet-Facing: LOW - This requires local access or i2c bus access to trigger.
🏢 Internal Only: MEDIUM - Local users or processes with i2c access could crash the system.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Requires ability to send malformed i2c block read requests, typically through local access or compromised i2c devices.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Patches available in stable kernel branches (commits 3f9b508b3eecc00a243edf320bd83834d6a9b482 and b126097b0327437048bd045a0e4d273dea2910dd)

Vendor Advisory: https://git.kernel.org/stable/c/3f9b508b3eecc00a243edf320bd83834d6a9b482

Restart Required: Yes

Instructions:

  1. Update the Linux kernel to a version containing the fix.
  2. Reboot the system to load the new kernel.
  3. Verify that the i2c-imx driver in use is the patched version.

🔧 Temporary Workarounds

Disable i2c-imx driver

Linux

Prevent loading of the vulnerable i2c-imx driver module. This only works when the driver is built as a loadable module; if it is compiled into the kernel image, blacklisting has no effect and only a kernel update removes the affected code. Unloading the module also disables every I2C bus it serves, so peripherals on those buses become unavailable. Both commands require root.

echo 'blacklist i2c-imx' >> /etc/modprobe.d/blacklist.conf
rmmod i2c_imx

🧯 If You Can't Patch

  • Restrict i2c device access to trusted users and processes only
  • Monitor system logs for i2c errors or kernel panics related to i2c operations

🔍 How to Verify

Check if Vulnerable:

Check the kernel version and whether the i2c-imx driver is loaded as a module (lsmod lists only loadable modules, not drivers built into the kernel):

lsmod | grep i2c_imx

Check Version:

uname -r

Verify Fix Applied:

Verify that the running kernel includes the fix commits listed above (for example, by checking your distribution's kernel changelog for the commit IDs), or check dmesg for the i2c-imx driver version.

📡 Detection & Monitoring

Log Indicators:

  • Kernel panic messages
  • i2c error messages in dmesg
  • System crash logs

Network Indicators:

  • Not applicable - local hardware bus vulnerability

SIEM Query:

source="kernel" AND ("i2c-imx" OR "i2c_imx") AND ("panic" OR "crash" OR "error")
