I2C Designware Driver Vulnerability in Intel Alder Lake Platform by Gigabyte

CVE-2022-50370

What is CVE-2022-50370?

A vulnerability exists in the I2C Designware driver for Intel Alder Lake motherboards, specifically affecting certain Gigabyte models. The issue manifests as a NULL pointer dereference during S3 sleep state resumption, leading to potential system crashes. The root cause is linked to unexpected interrupts from a device that was not properly handled when the controller was still active. A firmware update is suggested as a remedy, but it highlights the driver’s inability to manage interrupts correctly when the controller status is improperly flagged. A software status flag has been introduced to mitigate this problem, emphasizing the importance of ensuring proper state management in device drivers.

References