CVE-2024-35997: HID: i2c-hid: remove I2C_HID_READ_PENDING flag to prevent lock-up
In the Linux kernel, the following vulnerability has been resolved:
HID: i2c-hid: remove I2C_HID_READ_PENDING flag to prevent lock-up
The flag I2C_HID_READ_PENDING is used to serialize I2C operations.
However, this is not necessary, because I2C core already has its own
locking for that.
More importantly, this flag can cause a lock-up: if the flag is set in
i2c_hid_xfer() and an interrupt happens, the interrupt handler
(i2c_hid_irq) will check this flag and return immediately without doing
anything, then the interrupt handler will be invoked again in an
infinite loop.
Since interrupt handler is an RT task, it takes over the CPU and the
flag-clearing task never gets scheduled, thus we have a lock-up.
Delete this unnecessary flag.
Security readout for executives and security teams
Plain-English summary
This is a Linux kernel availability bug in the HID-over-I2C driver. Under the described interrupt timing, the driver can loop in the interrupt handler and monopolize the CPU, causing a system lock-up. The sources do not show active exploitation or a broad remote attack path.
Executive priority
Treat as a routine but real availability risk for Linux endpoints or appliances using HID-over-I2C. Prioritize patching through normal kernel maintenance, faster for operational systems where a lock-up would cause downtime.
Technical view
The vulnerable i2c-hid path used I2C_HID_READ_PENDING to serialize transfers, although I2C core locking already exists. If set during i2c_hid_xfer() and an interrupt fires, i2c_hid_irq can return repeatedly, preventing the flag-clearing task from running. Kernel fixes remove the flag.
Likely exposure
Exposure is most plausible on Linux systems running affected kernel lines with the i2c-hid driver and HID-over-I2C hardware. The source bundle lists affected Linux kernel versions and stable commits, but does not identify specific device models beyond Linux and downstream advisories.
Exploitation context
CISA KEV status is false in the source bundle, and no cited source claims active exploitation. The described impact is denial of service through lock-up, but the bundle does not establish attacker prerequisites, remote reachability, or exploit reliability.
Researcher notes
Evidence supports a kernel driver deadlock or livelock-style availability flaw fixed by removing unnecessary serialization. Severity, CVSS, CWE, exploitability, and attacker access requirements are not provided in the bundle, so validation should focus on affected kernels and driver use.
Mitigation direction
Update to a Linux kernel containing the referenced stable fixes.
Apply Debian LTS or vendor kernel updates where applicable.
Check Siemens guidance if managing affected Siemens products.
Prioritize systems where i2c-hid devices are operationally important.
Monitor vendor advisories for backported package versions.
Validation and detection
Inventory kernel versions against the affected version list.
Confirm whether the i2c-hid driver is present and in use.
Verify vendor kernel packages include the referenced fix commits.
Review system logs for unexplained i2c-hid interrupt or lock-up symptoms.
Track remediation through existing kernel update compliance tooling.
Generated from the cited source records. This long-tail analysis has not been individually reviewed by a named human.
Potential ATT&CK relevance
Conservative CVE-to-ATT&CK context
These mappings and lookup hints may be relevant to the vulnerability behavior, CWE, affected product, or exposure path. Glexia-inferred context is not an official MITRE, ATT&CK, CWE, or CVE Program mapping.
ATT&CK lookup starting points
Use these exact CWE pages and searches to review the Glexia ATT&CK library from this CVE's weakness and description context.
cve · low confidence lookup
CVE-2024-35997 mapping review
Open the CVE-to-ATT&CK bridge for reviewed, inferred, or future official mappings tied to this CVE.
These fields come from the CVE record and ADP containers, not from Glexia's Take. They preserve time-varying source decisions such as CISA SSVC, KEV status, CVSS metrics, and provider references.