CVE-2022-50370

EPSS 0.02%
Veröffentlicht 17.09.2025 14:56:26
Zuletzt bearbeitet 18.09.2025 13:43:34
Quelle 416baaa9-dc9f-4396-8d5f-8c081f
Teams Watchlist Login
Unerledigt Login

In the Linux kernel, the following vulnerability has been resolved:

i2c: designware: Fix handling of real but unexpected device interrupts

Commit c7b79a752871 ("mfd: intel-lpss: Add Intel Alder Lake PCH-S PCI
IDs") caused a regression on certain Gigabyte motherboards for Intel
Alder Lake-S where system crashes to NULL pointer dereference in
i2c_dw_xfer_msg() when system resumes from S3 sleep state ("deep").

I was able to debug the issue on Gigabyte Z690 AORUS ELITE and made
following notes:

- Issue happens when resuming from S3 but not when resuming from
  "s2idle"
- PCI device 00:15.0 == i2c_designware.0 is already in D0 state when
  system enters into pci_pm_resume_noirq() while all other i2c_designware
  PCI devices are in D3. Devices were runtime suspended and in D3 prior
  entering into suspend
- Interrupt comes after pci_pm_resume_noirq() when device interrupts are
  re-enabled
- According to register dump the interrupt really comes from the
  i2c_designware.0. Controller is enabled, I2C target address register
  points to a one detectable I2C device address 0x60 and the
  DW_IC_RAW_INTR_STAT register START_DET, STOP_DET, ACTIVITY and
  TX_EMPTY bits are set indicating completed I2C transaction.

My guess is that the firmware uses this controller to communicate with
an on-board I2C device during resume but does not disable the controller
before giving control to an operating system.

I was told the UEFI update fixes this but never the less it revealed the
driver is not ready to handle TX_EMPTY (or RX_FULL) interrupt when device
is supposed to be idle and state variables are not set (especially the
dev->msgs pointer which may point to NULL or stale old data).

Introduce a new software status flag STATUS_ACTIVE indicating when the
controller is active in driver point of view. Now treat all interrupts
that occur when is not set as unexpected and mask all interrupts from
the controller.

Betroffene Produkte Warnungen 0 Metriken 1 CWE 0 Referenzen 7

Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD

Diese Information steht angemeldeten Benutzern zur Verfügung.

Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).

HerstellerLinux

≫

Produkt Linux

Default Statusunaffected

Version < 7fa5304c4b5b425d4a0b3acf10139a7f6108a85f

Version c7b79a75287141cef5bbaeaf1c942269c08cd52e

Status affected

Version < a206f7fbe9589c60fafad12884628c909ecb042f

Version c7b79a75287141cef5bbaeaf1c942269c08cd52e

Status affected

Version < aa59ac81e859006d3a1df035a19b3f2089110f93

Version c7b79a75287141cef5bbaeaf1c942269c08cd52e

Status affected

Version < 301c8f5c32c8fb79c67539bc23972dc3ef48024c

Version c7b79a75287141cef5bbaeaf1c942269c08cd52e

Status affected

HerstellerLinux

≫

Produkt Linux

Default Statusaffected

Version 5.12

Status affected

Version < 5.12

Version 0

Status unaffected

Version <= 5.15.*

Version 5.15.75

Status unaffected

Version <= 5.19.*

Version 5.19.17

Status unaffected

Version <= 6.0.*

Version 6.0.3

Status unaffected

Version <= *

Version 6.1

Status unaffected

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.02%	0.046

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String

https://git.kernel.org/stable/c/7fa5304c4b5b425d4a0b3acf10139a7f6108a85f

https://git.kernel.org/stable/c/a206f7fbe9589c60fafad12884628c909ecb042f

https://git.kernel.org/stable/c/aa59ac81e859006d3a1df035a19b3f2089110f93

https://git.kernel.org/stable/c/301c8f5c32c8fb79c67539bc23972dc3ef48024c

https://nvd.nist.gov/vuln/detail/CVE-2022-50370

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2022-50370

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2022-50370

EUVD