U.S. flag   An official website of the United States government
Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Https

Secure .gov websites use HTTPS
A lock (Dot gov) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.

National Vulnerability Database

National Vulnerability Database

NVD

National Vulnerability Database
  1. Vulnerabilities

CVE-2025-38671 Detail

Description

In the Linux kernel, the following vulnerability has been resolved: i2c: qup: jump out of the loop in case of timeout Original logic only sets the return value but doesn't jump out of the loop if the bus is kept active by a client. This is not expected. A malicious or buggy i2c client can hang the kernel in this case and should be avoided. This is observed during a long time test with a PCA953x GPIO extender. Fix it by changing the logic to not only sets the return value, but also jumps out of the loop and return to the caller with -ETIMEDOUT.


Metrics

NVD enrichment efforts reference publicly available information to associate vector strings. CVSS information contributed by other sources is also displayed.
CVSS 4.0 Severity and Vector Strings:

NIST CVSS score
NIST: NVD
N/A
NVD assessment not yet provided.

References to Advisories, Solutions, and Tools

By selecting these links, you will be leaving NIST webspace. We have provided these links to other web sites because they may have information that would be of interest to you. No inferences should be drawn on account of other sites being referenced, or not, from this page. There may be other web sites that are more appropriate for your purpose. NIST does not necessarily endorse the views expressed, or concur with the facts presented on these sites. Further, NIST does not endorse any commercial products that may be mentioned on these sites. Please address comments about this page to [email protected].

URL Source(s) Tag(s)
https://git.kernel.org/stable/c/0d33913fce67a93c1eb83396c3c9d6b411dcab33 kernel.org Patch 
https://git.kernel.org/stable/c/42c4471b30fa203249f476dd42321cd7efb7f6a8 kernel.org Patch 
https://git.kernel.org/stable/c/89459f168b78e5c801dc8b7ad037b62898bc4f57 kernel.org Patch 
https://git.kernel.org/stable/c/a7982a14b3012527a9583d12525cd0dc9f8d8934 kernel.org Patch 
https://git.kernel.org/stable/c/acfa2948be630ad857535cb36153697f3cbf9ca9 kernel.org Patch 
https://git.kernel.org/stable/c/c523bfba46c4b4d7676fb050909533a766698ecd kernel.org Patch 
https://git.kernel.org/stable/c/cbec4406998185e0311ae97dfacc649f9cd79b0b kernel.org Patch 
https://git.kernel.org/stable/c/d05ec13aa3eb868a60dc961b489053a643863ddc kernel.org Patch 
https://lists.debian.org/debian-lts-announce/2025/10/msg00007.html CVE Third Party Advisory 
https://lists.debian.org/debian-lts-announce/2025/10/msg00008.html CVE Third Party Advisory 

Weakness Enumeration

CWE-ID CWE Name Source
NVD-CWE-noinfo Insufficient Information cwe source acceptance level NIST  

Known Affected Software Configurations Switch to CPE 2.2

CPEs loading, please wait.

Denotes Vulnerable Software
Are we missing a CPE here? Please let us know.

Change History

4 change records found show changes

Quick Info

CVE Dictionary Entry:
CVE-2025-38671
NVD Published Date:
08/22/2025
NVD Last Modified:
01/08/2026
Source:
kernel.org