In the Linux kernel, the following vulnerability has been resolved:
i3c: mipi-i3c-hci: Correct RING_CTRL_ABORT handling in DMA dequeue
The logic used to abort the DMA ring contains several flaws:
- The driver unconditionally issues a ring abort even when the ring has
- The completion used to wait for abort completion is never
- The abort sequence unintentionally clears RING_CTRL_ENABLE, which
- If the ring is already stopped, the abort operation should be
Fix the abort handling by checking whether the ring is running before issuing an abort, re-initializing the completion when needed, ensuring that RING_CTRL_ENABLE remains asserted during abort, and treating an already stopped ring as a successful condition.