CVE-2026-23055 (GCVE-0-2026-23055)
Vulnerability from cvelistv5
Published
2026-02-04 16:04
Modified
2026-02-09 08:37
Severity ?
Summary
In the Linux kernel, the following vulnerability has been resolved: i2c: riic: Move suspend handling to NOIRQ phase Commit 53326135d0e0 ("i2c: riic: Add suspend/resume support") added suspend support for the Renesas I2C driver and following this change on RZ/G3E the following WARNING is seen on entering suspend ... [ 134.275704] Freezing remaining freezable tasks completed (elapsed 0.001 seconds) [ 134.285536] ------------[ cut here ]------------ [ 134.290298] i2c i2c-2: Transfer while suspended [ 134.295174] WARNING: drivers/i2c/i2c-core.h:56 at __i2c_smbus_xfer+0x1e4/0x214, CPU#0: systemd-sleep/388 [ 134.365507] Tainted: [W]=WARN [ 134.368485] Hardware name: Renesas SMARC EVK version 2 based on r9a09g047e57 (DT) [ 134.375961] pstate: 60400005 (nZCv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--) [ 134.382935] pc : __i2c_smbus_xfer+0x1e4/0x214 [ 134.387329] lr : __i2c_smbus_xfer+0x1e4/0x214 [ 134.391717] sp : ffff800083f23860 [ 134.395040] x29: ffff800083f23860 x28: 0000000000000000 x27: ffff800082ed5d60 [ 134.402226] x26: 0000001f4395fd74 x25: 0000000000000007 x24: 0000000000000001 [ 134.409408] x23: 0000000000000000 x22: 000000000000006f x21: ffff800083f23936 [ 134.416589] x20: ffff0000c090e140 x19: ffff0000c090e0d0 x18: 0000000000000006 [ 134.423771] x17: 6f63657320313030 x16: 2e30206465737061 x15: ffff800083f23280 [ 134.430953] x14: 0000000000000000 x13: ffff800082b16ce8 x12: 0000000000000f09 [ 134.438134] x11: 0000000000000503 x10: ffff800082b6ece8 x9 : ffff800082b16ce8 [ 134.445315] x8 : 00000000ffffefff x7 : ffff800082b6ece8 x6 : 80000000fffff000 [ 134.452495] x5 : 0000000000000504 x4 : 0000000000000000 x3 : 0000000000000000 [ 134.459672] x2 : 0000000000000000 x1 : 0000000000000000 x0 : ffff0000c9ee9e80 [ 134.466851] Call trace: [ 134.469311] __i2c_smbus_xfer+0x1e4/0x214 (P) [ 134.473715] i2c_smbus_xfer+0xbc/0x120 [ 134.477507] i2c_smbus_read_byte_data+0x4c/0x84 [ 134.482077] isl1208_i2c_read_time+0x44/0x178 [rtc_isl1208] [ 134.487703] isl1208_rtc_read_time+0x14/0x20 [rtc_isl1208] [ 134.493226] __rtc_read_time+0x44/0x88 [ 134.497012] rtc_read_time+0x3c/0x68 [ 134.500622] rtc_suspend+0x9c/0x170 The warning is triggered because I2C transfers can still be attempted while the controller is already suspended, due to inappropriate ordering of the system sleep callbacks. If the controller is autosuspended, there is no way to wake it up once runtime PM disabled (in suspend_late()). During system resume, the I2C controller will be available only after runtime PM is re-enabled (in resume_early()). However, this may be too late for some devices. Wake up the controller in the suspend() callback while runtime PM is still enabled. The I2C controller will remain available until the suspend_noirq() callback (pm_runtime_force_suspend()) is called. During resume, the I2C controller can be restored by the resume_noirq() callback (pm_runtime_force_resume()). Finally, the resume() callback re-enables autosuspend. As a result, the I2C controller can remain available until the system enters suspend_noirq() and from resume_noirq().
References
Impacted products
Vendor Product Version
Linux Linux Version: 53326135d0e041ebe7d08bf22f82529ae69a096e
Version: 53326135d0e041ebe7d08bf22f82529ae69a096e
Version: 53326135d0e041ebe7d08bf22f82529ae69a096e
 Create a notification for this product.
Show details on NVD website

To clipboard 

{
  "containers": {
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "drivers/i2c/busses/i2c-riic.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "469f8fe4c87e43520f279e45b927c35d6fe99194",
              "status": "affected",
              "version": "53326135d0e041ebe7d08bf22f82529ae69a096e",
              "versionType": "git"
            },
            {
              "lessThan": "0b4c0fbbe00b7de76bdaea7fa771017d7a979b0d",
              "status": "affected",
              "version": "53326135d0e041ebe7d08bf22f82529ae69a096e",
              "versionType": "git"
            },
            {
              "lessThan": "e383f0961422f983451ac4dd6aed1a3d3311f2be",
              "status": "affected",
              "version": "53326135d0e041ebe7d08bf22f82529ae69a096e",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "drivers/i2c/busses/i2c-riic.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "6.12"
            },
            {
              "lessThan": "6.12",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.12.*",
              "status": "unaffected",
              "version": "6.12.67",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.18.*",
              "status": "unaffected",
              "version": "6.18.7",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.19",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.12.67",
                  "versionStartIncluding": "6.12",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.18.7",
                  "versionStartIncluding": "6.12",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.19",
                  "versionStartIncluding": "6.12",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ni2c: riic: Move suspend handling to NOIRQ phase\n\nCommit 53326135d0e0 (\"i2c: riic: Add suspend/resume support\") added\nsuspend support for the Renesas I2C driver and following this change\non RZ/G3E the following WARNING is seen on entering suspend ...\n\n[  134.275704] Freezing remaining freezable tasks completed (elapsed 0.001 seconds)\n[  134.285536] ------------[ cut here ]------------\n[  134.290298] i2c i2c-2: Transfer while suspended\n[  134.295174] WARNING: drivers/i2c/i2c-core.h:56 at __i2c_smbus_xfer+0x1e4/0x214, CPU#0: systemd-sleep/388\n[  134.365507] Tainted: [W]=WARN\n[  134.368485] Hardware name: Renesas SMARC EVK version 2 based on r9a09g047e57 (DT)\n[  134.375961] pstate: 60400005 (nZCv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)\n[  134.382935] pc : __i2c_smbus_xfer+0x1e4/0x214\n[  134.387329] lr : __i2c_smbus_xfer+0x1e4/0x214\n[  134.391717] sp : ffff800083f23860\n[  134.395040] x29: ffff800083f23860 x28: 0000000000000000 x27: ffff800082ed5d60\n[  134.402226] x26: 0000001f4395fd74 x25: 0000000000000007 x24: 0000000000000001\n[  134.409408] x23: 0000000000000000 x22: 000000000000006f x21: ffff800083f23936\n[  134.416589] x20: ffff0000c090e140 x19: ffff0000c090e0d0 x18: 0000000000000006\n[  134.423771] x17: 6f63657320313030 x16: 2e30206465737061 x15: ffff800083f23280\n[  134.430953] x14: 0000000000000000 x13: ffff800082b16ce8 x12: 0000000000000f09\n[  134.438134] x11: 0000000000000503 x10: ffff800082b6ece8 x9 : ffff800082b16ce8\n[  134.445315] x8 : 00000000ffffefff x7 : ffff800082b6ece8 x6 : 80000000fffff000\n[  134.452495] x5 : 0000000000000504 x4 : 0000000000000000 x3 : 0000000000000000\n[  134.459672] x2 : 0000000000000000 x1 : 0000000000000000 x0 : ffff0000c9ee9e80\n[  134.466851] Call trace:\n[  134.469311]  __i2c_smbus_xfer+0x1e4/0x214 (P)\n[  134.473715]  i2c_smbus_xfer+0xbc/0x120\n[  134.477507]  i2c_smbus_read_byte_data+0x4c/0x84\n[  134.482077]  isl1208_i2c_read_time+0x44/0x178 [rtc_isl1208]\n[  134.487703]  isl1208_rtc_read_time+0x14/0x20 [rtc_isl1208]\n[  134.493226]  __rtc_read_time+0x44/0x88\n[  134.497012]  rtc_read_time+0x3c/0x68\n[  134.500622]  rtc_suspend+0x9c/0x170\n\nThe warning is triggered because I2C transfers can still be attempted\nwhile the controller is already suspended, due to inappropriate ordering\nof the system sleep callbacks.\n\nIf the controller is autosuspended, there is no way to wake it up once\nruntime PM disabled (in suspend_late()). During system resume, the I2C\ncontroller will be available only after runtime PM is re-enabled\n(in resume_early()). However, this may be too late for some devices.\n\nWake up the controller in the suspend() callback while runtime PM is\nstill enabled. The I2C controller will remain available until the\nsuspend_noirq() callback (pm_runtime_force_suspend()) is called. During\nresume, the I2C controller can be restored by the resume_noirq() callback\n(pm_runtime_force_resume()). Finally, the resume() callback re-enables\nautosuspend. As a result, the I2C controller can remain available until\nthe system enters suspend_noirq() and from resume_noirq()."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-02-09T08:37:53.284Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/469f8fe4c87e43520f279e45b927c35d6fe99194"
        },
        {
          "url": "https://git.kernel.org/stable/c/0b4c0fbbe00b7de76bdaea7fa771017d7a979b0d"
        },
        {
          "url": "https://git.kernel.org/stable/c/e383f0961422f983451ac4dd6aed1a3d3311f2be"
        }
      ],
      "title": "i2c: riic: Move suspend handling to NOIRQ phase",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2026-23055",
    "datePublished": "2026-02-04T16:04:24.190Z",
    "dateReserved": "2026-01-13T15:37:45.951Z",
    "dateUpdated": "2026-02-09T08:37:53.284Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.