CVE-2025-21878: Vulnerability in Linux Linux
In the Linux kernel, the following vulnerability has been resolved: i2c: npcm: disable interrupt enable bit before devm_request_irq The customer reports that there is a soft lockup issue related to the i2c driver. After checking, the i2c module was doing a tx transfer and the bmc machine reboots in the middle of the i2c transaction, the i2c module keeps the status without being reset. Due to such an i2c module status, the i2c irq handler keeps getting triggered since the i2c irq handler is registered in the kernel booting process after the bmc machine is doing a warm rebooting. The continuous triggering is stopped by the soft lockup watchdog timer. Disable the interrupt enable bit in the i2c module before calling devm_request_irq to fix this issue since the i2c relative status bit is read-only. Here is the soft lockup log. [ 28.176395] watchdog: BUG: soft lockup - CPU#0 stuck for 26s! [swapper/0:1] [ 28.183351] Modules linked in: [ 28.186407] CPU: 0 PID: 1 Comm: swapper/0 Not tainted 5.15.120-yocto-s-dirty-bbebc78 #1 [ 28.201174] pstate: 40000005 (nZcv daif -PAN -UAO -TCO -DIT -SSBS BTYPE=--) [ 28.208128] pc : __do_softirq+0xb0/0x368 [ 28.212055] lr : __do_softirq+0x70/0x368 [ 28.215972] sp : ffffff8035ebca00 [ 28.219278] x29: ffffff8035ebca00 x28: 0000000000000002 x27: ffffff80071a3780 [ 28.226412] x26: ffffffc008bdc000 x25: ffffffc008bcc640 x24: ffffffc008be50c0 [ 28.233546] x23: ffffffc00800200c x22: 0000000000000000 x21: 000000000000001b [ 28.240679] x20: 0000000000000000 x19: ffffff80001c3200 x18: ffffffffffffffff [ 28.247812] x17: ffffffc02d2e0000 x16: ffffff8035eb8b40 x15: 00001e8480000000 [ 28.254945] x14: 02c3647e37dbfcb6 x13: 02c364f2ab14200c x12: 0000000002c364f2 [ 28.262078] x11: 00000000fa83b2da x10: 000000000000b67e x9 : ffffffc008010250 [ 28.269211] x8 : 000000009d983d00 x7 : 7fffffffffffffff x6 : 0000036d74732434 [ 28.276344] x5 : 00ffffffffffffff x4 : 0000000000000015 x3 : 0000000000000198 [ 28.283476] x2 : ffffffc02d2e0000 x1 : 00000000000000e0 x0 : ffffffc008bdcb40 [ 28.290611] Call trace: [ 28.293052] __do_softirq+0xb0/0x368 [ 28.296625] __irq_exit_rcu+0xe0/0x100 [ 28.300374] irq_exit+0x14/0x20 [ 28.303513] handle_domain_irq+0x68/0x90 [ 28.307440] gic_handle_irq+0x78/0xb0 [ 28.311098] call_on_irq_stack+0x20/0x38 [ 28.315019] do_interrupt_handler+0x54/0x5c [ 28.319199] el1_interrupt+0x2c/0x4c [ 28.322777] el1h_64_irq_handler+0x14/0x20 [ 28.326872] el1h_64_irq+0x74/0x78 [ 28.330269] __setup_irq+0x454/0x780 [ 28.333841] request_threaded_irq+0xd0/0x1b4 [ 28.338107] devm_request_threaded_irq+0x84/0x100 [ 28.342809] npcm_i2c_probe_bus+0x188/0x3d0 [ 28.346990] platform_probe+0x6c/0xc4 [ 28.350653] really_probe+0xcc/0x45c [ 28.354227] __driver_probe_device+0x8c/0x160 [ 28.358578] driver_probe_device+0x44/0xe0 [ 28.362670] __driver_attach+0x124/0x1d0 [ 28.366589] bus_for_each_dev+0x7c/0xe0 [ 28.370426] driver_attach+0x28/0x30 [ 28.373997] bus_add_driver+0x124/0x240 [ 28.377830] driver_register+0x7c/0x124 [ 28.381662] __platform_driver_register+0x2c/0x34 [ 28.386362] npcm_i2c_init+0x3c/0x5c [ 28.389937] do_one_initcall+0x74/0x230 [ 28.393768] kernel_init_freeable+0x24c/0x2b4 [ 28.398126] kernel_init+0x28/0x130 [ 28.401614] ret_from_fork+0x10/0x20 [ 28.405189] Kernel panic - not syncing: softlockup: hung tasks [ 28.411011] SMP: stopping secondary CPUs [ 28.414933] Kernel Offset: disabled [ 28.418412] CPU features: 0x00000000,00000802 [ 28.427644] Rebooting in 20 seconds..
AI Analysis
Technical Summary
CVE-2025-21878 is a vulnerability identified in the Linux kernel's i2c subsystem, specifically affecting the npcm i2c driver. The issue arises during the handling of interrupts related to the i2c module. When the Baseboard Management Controller (BMC) system performs a warm reboot in the middle of an i2c transaction, the i2c module retains its status without resetting properly. This stale status causes the i2c interrupt request (IRQ) handler to be continuously triggered after the system reboot, as the interrupt enable bit remains set and the status bit is read-only, preventing proper clearing. The continuous triggering of the IRQ handler leads to a soft lockup condition, where the CPU becomes stuck processing interrupts for an extended period (reported as 26 seconds in the log), eventually causing the kernel to panic and the system to reboot again. The root cause is that the interrupt enable bit is not disabled before the devm_request_irq function is called during the driver initialization, which leads to the persistent interrupt state. The fix involves disabling the interrupt enable bit before requesting the IRQ to ensure the interrupt line is properly reset and does not cause repeated triggers. This vulnerability affects Linux kernel versions identified by the commit hash 56a1485b102ed1cd5a4af8e87ed794699fd1cad2 and likely impacts systems using the npcm i2c driver, which is common in embedded and server BMC environments. No known exploits are currently reported in the wild, and no CVSS score has been assigned yet.
Potential Impact
For European organizations, especially those operating data centers, telecommunications infrastructure, or industrial control systems that rely on Linux-based BMCs or embedded systems using the npcm i2c driver, this vulnerability poses a risk of system instability and downtime. The soft lockup and kernel panic can cause unexpected reboots, leading to service interruptions, potential data loss, and degraded operational reliability. Critical infrastructure sectors such as energy, manufacturing, and finance, which often deploy Linux-based hardware management controllers, may experience disruptions if affected devices are not patched. The inability to properly reset the i2c interrupt status could also complicate incident response and recovery processes. While this vulnerability does not directly lead to remote code execution or data breach, the denial-of-service impact through repeated system crashes can have significant operational and financial consequences. Additionally, the vulnerability may affect supply chain components that use the npcm i2c driver, amplifying the risk across multiple organizations.
Mitigation Recommendations
European organizations should prioritize updating their Linux kernel versions to include the patch that disables the interrupt enable bit before calling devm_request_irq in the npcm i2c driver. Since the vulnerability is related to the kernel driver initialization, applying the latest stable kernel releases or vendor-provided patches that address CVE-2025-21878 is critical. For systems where immediate patching is not feasible, organizations should implement monitoring for soft lockup warnings and kernel panics related to i2c interrupts to enable rapid detection and response. Additionally, reviewing and hardening BMC firmware update procedures and ensuring secure reboot processes can reduce the risk of triggering this condition. Organizations should also audit their hardware inventory to identify devices using the npcm i2c driver and coordinate with hardware vendors for firmware or kernel updates. In environments with high availability requirements, deploying redundant systems or failover mechanisms can mitigate the impact of unexpected reboots caused by this vulnerability.
Affected Countries
Germany, France, United Kingdom, Netherlands, Sweden, Finland, Italy
CVE-2025-21878: Vulnerability in Linux Linux
Description
In the Linux kernel, the following vulnerability has been resolved: i2c: npcm: disable interrupt enable bit before devm_request_irq The customer reports that there is a soft lockup issue related to the i2c driver. After checking, the i2c module was doing a tx transfer and the bmc machine reboots in the middle of the i2c transaction, the i2c module keeps the status without being reset. Due to such an i2c module status, the i2c irq handler keeps getting triggered since the i2c irq handler is registered in the kernel booting process after the bmc machine is doing a warm rebooting. The continuous triggering is stopped by the soft lockup watchdog timer. Disable the interrupt enable bit in the i2c module before calling devm_request_irq to fix this issue since the i2c relative status bit is read-only. Here is the soft lockup log. [ 28.176395] watchdog: BUG: soft lockup - CPU#0 stuck for 26s! [swapper/0:1] [ 28.183351] Modules linked in: [ 28.186407] CPU: 0 PID: 1 Comm: swapper/0 Not tainted 5.15.120-yocto-s-dirty-bbebc78 #1 [ 28.201174] pstate: 40000005 (nZcv daif -PAN -UAO -TCO -DIT -SSBS BTYPE=--) [ 28.208128] pc : __do_softirq+0xb0/0x368 [ 28.212055] lr : __do_softirq+0x70/0x368 [ 28.215972] sp : ffffff8035ebca00 [ 28.219278] x29: ffffff8035ebca00 x28: 0000000000000002 x27: ffffff80071a3780 [ 28.226412] x26: ffffffc008bdc000 x25: ffffffc008bcc640 x24: ffffffc008be50c0 [ 28.233546] x23: ffffffc00800200c x22: 0000000000000000 x21: 000000000000001b [ 28.240679] x20: 0000000000000000 x19: ffffff80001c3200 x18: ffffffffffffffff [ 28.247812] x17: ffffffc02d2e0000 x16: ffffff8035eb8b40 x15: 00001e8480000000 [ 28.254945] x14: 02c3647e37dbfcb6 x13: 02c364f2ab14200c x12: 0000000002c364f2 [ 28.262078] x11: 00000000fa83b2da x10: 000000000000b67e x9 : ffffffc008010250 [ 28.269211] x8 : 000000009d983d00 x7 : 7fffffffffffffff x6 : 0000036d74732434 [ 28.276344] x5 : 00ffffffffffffff x4 : 0000000000000015 x3 : 0000000000000198 [ 28.283476] x2 : ffffffc02d2e0000 x1 : 00000000000000e0 x0 : ffffffc008bdcb40 [ 28.290611] Call trace: [ 28.293052] __do_softirq+0xb0/0x368 [ 28.296625] __irq_exit_rcu+0xe0/0x100 [ 28.300374] irq_exit+0x14/0x20 [ 28.303513] handle_domain_irq+0x68/0x90 [ 28.307440] gic_handle_irq+0x78/0xb0 [ 28.311098] call_on_irq_stack+0x20/0x38 [ 28.315019] do_interrupt_handler+0x54/0x5c [ 28.319199] el1_interrupt+0x2c/0x4c [ 28.322777] el1h_64_irq_handler+0x14/0x20 [ 28.326872] el1h_64_irq+0x74/0x78 [ 28.330269] __setup_irq+0x454/0x780 [ 28.333841] request_threaded_irq+0xd0/0x1b4 [ 28.338107] devm_request_threaded_irq+0x84/0x100 [ 28.342809] npcm_i2c_probe_bus+0x188/0x3d0 [ 28.346990] platform_probe+0x6c/0xc4 [ 28.350653] really_probe+0xcc/0x45c [ 28.354227] __driver_probe_device+0x8c/0x160 [ 28.358578] driver_probe_device+0x44/0xe0 [ 28.362670] __driver_attach+0x124/0x1d0 [ 28.366589] bus_for_each_dev+0x7c/0xe0 [ 28.370426] driver_attach+0x28/0x30 [ 28.373997] bus_add_driver+0x124/0x240 [ 28.377830] driver_register+0x7c/0x124 [ 28.381662] __platform_driver_register+0x2c/0x34 [ 28.386362] npcm_i2c_init+0x3c/0x5c [ 28.389937] do_one_initcall+0x74/0x230 [ 28.393768] kernel_init_freeable+0x24c/0x2b4 [ 28.398126] kernel_init+0x28/0x130 [ 28.401614] ret_from_fork+0x10/0x20 [ 28.405189] Kernel panic - not syncing: softlockup: hung tasks [ 28.411011] SMP: stopping secondary CPUs [ 28.414933] Kernel Offset: disabled [ 28.418412] CPU features: 0x00000000,00000802 [ 28.427644] Rebooting in 20 seconds..
AI-Powered Analysis
Technical Analysis
CVE-2025-21878 is a vulnerability identified in the Linux kernel's i2c subsystem, specifically affecting the npcm i2c driver. The issue arises during the handling of interrupts related to the i2c module. When the Baseboard Management Controller (BMC) system performs a warm reboot in the middle of an i2c transaction, the i2c module retains its status without resetting properly. This stale status causes the i2c interrupt request (IRQ) handler to be continuously triggered after the system reboot, as the interrupt enable bit remains set and the status bit is read-only, preventing proper clearing. The continuous triggering of the IRQ handler leads to a soft lockup condition, where the CPU becomes stuck processing interrupts for an extended period (reported as 26 seconds in the log), eventually causing the kernel to panic and the system to reboot again. The root cause is that the interrupt enable bit is not disabled before the devm_request_irq function is called during the driver initialization, which leads to the persistent interrupt state. The fix involves disabling the interrupt enable bit before requesting the IRQ to ensure the interrupt line is properly reset and does not cause repeated triggers. This vulnerability affects Linux kernel versions identified by the commit hash 56a1485b102ed1cd5a4af8e87ed794699fd1cad2 and likely impacts systems using the npcm i2c driver, which is common in embedded and server BMC environments. No known exploits are currently reported in the wild, and no CVSS score has been assigned yet.
Potential Impact
For European organizations, especially those operating data centers, telecommunications infrastructure, or industrial control systems that rely on Linux-based BMCs or embedded systems using the npcm i2c driver, this vulnerability poses a risk of system instability and downtime. The soft lockup and kernel panic can cause unexpected reboots, leading to service interruptions, potential data loss, and degraded operational reliability. Critical infrastructure sectors such as energy, manufacturing, and finance, which often deploy Linux-based hardware management controllers, may experience disruptions if affected devices are not patched. The inability to properly reset the i2c interrupt status could also complicate incident response and recovery processes. While this vulnerability does not directly lead to remote code execution or data breach, the denial-of-service impact through repeated system crashes can have significant operational and financial consequences. Additionally, the vulnerability may affect supply chain components that use the npcm i2c driver, amplifying the risk across multiple organizations.
Mitigation Recommendations
European organizations should prioritize updating their Linux kernel versions to include the patch that disables the interrupt enable bit before calling devm_request_irq in the npcm i2c driver. Since the vulnerability is related to the kernel driver initialization, applying the latest stable kernel releases or vendor-provided patches that address CVE-2025-21878 is critical. For systems where immediate patching is not feasible, organizations should implement monitoring for soft lockup warnings and kernel panics related to i2c interrupts to enable rapid detection and response. Additionally, reviewing and hardening BMC firmware update procedures and ensuring secure reboot processes can reduce the risk of triggering this condition. Organizations should also audit their hardware inventory to identify devices using the npcm i2c driver and coordinate with hardware vendors for firmware or kernel updates. In environments with high availability requirements, deploying redundant systems or failover mechanisms can mitigate the impact of unexpected reboots caused by this vulnerability.
Affected Countries
For access to advanced analysis and higher rate limits, contact root@offseq.com
Technical Details
- Data Version
- 5.1
- Assigner Short Name
- Linux
- Date Reserved
- 2024-12-29T08:45:45.782Z
- Cisa Enriched
- false
- Cvss Version
- null
- State
- PUBLISHED
Threat ID: 682d9832c4522896dcbe8abb
Added to database: 5/21/2025, 9:09:06 AM
Last enriched: 6/30/2025, 10:12:55 AM
Last updated: 7/29/2025, 5:45:34 AM
Views: 15
Related Threats
CVE-2025-8986: SQL Injection in SourceCodester COVID 19 Testing Management System
MediumCVE-2025-31987: CWE-405 Asymmetric Resource Consumption in HCL Software Connections Docs
MediumCVE-2025-8985: SQL Injection in SourceCodester COVID 19 Testing Management System
MediumCVE-2025-8984: SQL Injection in itsourcecode Online Tour and Travel Management System
MediumCVE-2025-8983: SQL Injection in itsourcecode Online Tour and Travel Management System
MediumActions
Updates to AI analysis are available only with a Pro account. Contact root@offseq.com for access.
External Links
Need enhanced features?
Contact root@offseq.com for Pro access with improved analysis and higher rate limits.