CVE-2023-52791: Vulnerability in Linux Linux
In the Linux kernel, the following vulnerability has been resolved: i2c: core: Run atomic i2c xfer when !preemptible Since bae1d3a05a8b, i2c transfers are non-atomic if preemption is disabled. However, non-atomic i2c transfers require preemption (e.g. in wait_for_completion() while waiting for the DMA). panic() calls preempt_disable_notrace() before calling emergency_restart(). Therefore, if an i2c device is used for the restart, the xfer should be atomic. This avoids warnings like: [ 12.667612] WARNING: CPU: 1 PID: 1 at kernel/rcu/tree_plugin.h:318 rcu_note_context_switch+0x33c/0x6b0 [ 12.676926] Voluntary context switch within RCU read-side critical section! ... [ 12.742376] schedule_timeout from wait_for_completion_timeout+0x90/0x114 [ 12.749179] wait_for_completion_timeout from tegra_i2c_wait_completion+0x40/0x70 ... [ 12.994527] atomic_notifier_call_chain from machine_restart+0x34/0x58 [ 13.001050] machine_restart from panic+0x2a8/0x32c Use !preemptible() instead, which is basically the same check as pre-v5.2.
AI Analysis
Technical Summary
CVE-2023-52791 addresses a vulnerability in the Linux kernel's I2C (Inter-Integrated Circuit) core subsystem related to atomicity of I2C transfers during system panic and restart sequences. The issue arises from a change introduced since commit bae1d3a05a8b, where I2C transfers became non-atomic if preemption was disabled. Non-atomic I2C transfers require preemption to be enabled, for example, when waiting for DMA completion via wait_for_completion(). However, during a kernel panic, the panic() function disables preemption using preempt_disable_notrace() before calling emergency_restart(). If an I2C device is involved in the restart process, the transfer must be atomic to avoid race conditions or inconsistent states. The vulnerability manifests as warnings and potential instability during panic-induced restarts, including voluntary context switches within RCU read-side critical sections, which are unsafe and can lead to kernel panics or deadlocks. The fix involves using the !preemptible() check instead of relying solely on preemption being disabled, effectively restoring behavior similar to Linux kernel versions prior to 5.2. This ensures that I2C transfers remain atomic during critical restart operations, preventing unsafe context switches and maintaining kernel stability. Although no known exploits are reported in the wild, this vulnerability affects the core Linux kernel, which is widely used across servers, embedded devices, and IoT systems. The affected versions are those including the specified commit bae1d3a05a8b and likely subsequent versions until patched. The vulnerability is subtle and primarily impacts system reliability and availability during panic and restart scenarios rather than direct confidentiality or integrity breaches.
Potential Impact
For European organizations, the impact of CVE-2023-52791 is primarily on system stability and availability, especially for critical infrastructure and embedded systems relying on Linux kernels that use I2C devices during restart sequences. Systems that experience kernel panics and rely on I2C devices for emergency restart could face unexpected kernel warnings, deadlocks, or failures to reboot properly, potentially causing downtime. This is particularly relevant for sectors such as industrial automation, telecommunications, transportation, and IoT deployments common in Europe, where Linux is prevalent in embedded controllers and network devices. While the vulnerability does not directly expose data or allow privilege escalation, the inability to reliably restart after a panic could delay recovery from faults or attacks, increasing operational risk. Organizations with large-scale Linux deployments, including cloud providers and data centers in Europe, might also be affected if their hardware platforms use I2C devices in kernel panic paths. The lack of known exploits reduces immediate risk, but the subtlety of the bug means it could contribute to system instability under rare conditions, complicating incident response and recovery.
Mitigation Recommendations
European organizations should ensure that Linux kernel versions deployed in their environments are updated to include the patch that replaces the preemption-disabled check with the !preemptible() check for I2C transfers during panic and restart. Specifically, kernel maintainers and system administrators should: 1) Identify Linux systems running kernel versions containing commit bae1d3a05a8b or later but prior to the fix; 2) Apply vendor-supplied kernel updates or backport the fix if using custom kernels; 3) Test critical embedded and server systems for proper panic and restart behavior after patching; 4) Review and audit kernel panic handling code paths involving I2C devices to ensure no custom modifications reintroduce similar issues; 5) Implement monitoring to detect kernel warnings related to RCU context switches or I2C transfer failures during restarts; 6) For embedded device manufacturers, incorporate the fix into firmware updates and coordinate with customers for timely deployment. Since the vulnerability affects low-level kernel behavior during panic, generic mitigations like disabling I2C devices are impractical; patching the kernel is the definitive solution. Additionally, organizations should maintain robust backup and recovery procedures to mitigate potential downtime from kernel panics.
Affected Countries
Germany, France, United Kingdom, Netherlands, Italy, Spain, Sweden, Finland
CVE-2023-52791: Vulnerability in Linux Linux
Description
In the Linux kernel, the following vulnerability has been resolved: i2c: core: Run atomic i2c xfer when !preemptible Since bae1d3a05a8b, i2c transfers are non-atomic if preemption is disabled. However, non-atomic i2c transfers require preemption (e.g. in wait_for_completion() while waiting for the DMA). panic() calls preempt_disable_notrace() before calling emergency_restart(). Therefore, if an i2c device is used for the restart, the xfer should be atomic. This avoids warnings like: [ 12.667612] WARNING: CPU: 1 PID: 1 at kernel/rcu/tree_plugin.h:318 rcu_note_context_switch+0x33c/0x6b0 [ 12.676926] Voluntary context switch within RCU read-side critical section! ... [ 12.742376] schedule_timeout from wait_for_completion_timeout+0x90/0x114 [ 12.749179] wait_for_completion_timeout from tegra_i2c_wait_completion+0x40/0x70 ... [ 12.994527] atomic_notifier_call_chain from machine_restart+0x34/0x58 [ 13.001050] machine_restart from panic+0x2a8/0x32c Use !preemptible() instead, which is basically the same check as pre-v5.2.
AI-Powered Analysis
Technical Analysis
CVE-2023-52791 addresses a vulnerability in the Linux kernel's I2C (Inter-Integrated Circuit) core subsystem related to atomicity of I2C transfers during system panic and restart sequences. The issue arises from a change introduced since commit bae1d3a05a8b, where I2C transfers became non-atomic if preemption was disabled. Non-atomic I2C transfers require preemption to be enabled, for example, when waiting for DMA completion via wait_for_completion(). However, during a kernel panic, the panic() function disables preemption using preempt_disable_notrace() before calling emergency_restart(). If an I2C device is involved in the restart process, the transfer must be atomic to avoid race conditions or inconsistent states. The vulnerability manifests as warnings and potential instability during panic-induced restarts, including voluntary context switches within RCU read-side critical sections, which are unsafe and can lead to kernel panics or deadlocks. The fix involves using the !preemptible() check instead of relying solely on preemption being disabled, effectively restoring behavior similar to Linux kernel versions prior to 5.2. This ensures that I2C transfers remain atomic during critical restart operations, preventing unsafe context switches and maintaining kernel stability. Although no known exploits are reported in the wild, this vulnerability affects the core Linux kernel, which is widely used across servers, embedded devices, and IoT systems. The affected versions are those including the specified commit bae1d3a05a8b and likely subsequent versions until patched. The vulnerability is subtle and primarily impacts system reliability and availability during panic and restart scenarios rather than direct confidentiality or integrity breaches.
Potential Impact
For European organizations, the impact of CVE-2023-52791 is primarily on system stability and availability, especially for critical infrastructure and embedded systems relying on Linux kernels that use I2C devices during restart sequences. Systems that experience kernel panics and rely on I2C devices for emergency restart could face unexpected kernel warnings, deadlocks, or failures to reboot properly, potentially causing downtime. This is particularly relevant for sectors such as industrial automation, telecommunications, transportation, and IoT deployments common in Europe, where Linux is prevalent in embedded controllers and network devices. While the vulnerability does not directly expose data or allow privilege escalation, the inability to reliably restart after a panic could delay recovery from faults or attacks, increasing operational risk. Organizations with large-scale Linux deployments, including cloud providers and data centers in Europe, might also be affected if their hardware platforms use I2C devices in kernel panic paths. The lack of known exploits reduces immediate risk, but the subtlety of the bug means it could contribute to system instability under rare conditions, complicating incident response and recovery.
Mitigation Recommendations
European organizations should ensure that Linux kernel versions deployed in their environments are updated to include the patch that replaces the preemption-disabled check with the !preemptible() check for I2C transfers during panic and restart. Specifically, kernel maintainers and system administrators should: 1) Identify Linux systems running kernel versions containing commit bae1d3a05a8b or later but prior to the fix; 2) Apply vendor-supplied kernel updates or backport the fix if using custom kernels; 3) Test critical embedded and server systems for proper panic and restart behavior after patching; 4) Review and audit kernel panic handling code paths involving I2C devices to ensure no custom modifications reintroduce similar issues; 5) Implement monitoring to detect kernel warnings related to RCU context switches or I2C transfer failures during restarts; 6) For embedded device manufacturers, incorporate the fix into firmware updates and coordinate with customers for timely deployment. Since the vulnerability affects low-level kernel behavior during panic, generic mitigations like disabling I2C devices are impractical; patching the kernel is the definitive solution. Additionally, organizations should maintain robust backup and recovery procedures to mitigate potential downtime from kernel panics.
Affected Countries
For access to advanced analysis and higher rate limits, contact root@offseq.com
Technical Details
- Data Version
- 5.1
- Assigner Short Name
- Linux
- Date Reserved
- 2024-05-21T15:19:24.241Z
- Cisa Enriched
- true
- Cvss Version
- null
- State
- PUBLISHED
Threat ID: 682d9830c4522896dcbe7597
Added to database: 5/21/2025, 9:09:04 AM
Last enriched: 7/1/2025, 7:10:04 AM
Last updated: 8/15/2025, 2:31:31 PM
Views: 13
Related Threats
CVE-2025-53948: CWE-415 Double Free in Santesoft Sante PACS Server
HighCVE-2025-52584: CWE-122 Heap-based Buffer Overflow in Ashlar-Vellum Cobalt
HighCVE-2025-46269: CWE-122 Heap-based Buffer Overflow in Ashlar-Vellum Cobalt
HighCVE-2025-54862: CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') in Santesoft Sante PACS Server
MediumCVE-2025-54759: CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') in Santesoft Sante PACS Server
MediumActions
Updates to AI analysis are available only with a Pro account. Contact root@offseq.com for access.
External Links
Need enhanced features?
Contact root@offseq.com for Pro access with improved analysis and higher rate limits.