Defa Li

Researcher from Mediatek
#37529 of 53,624
7.5 Total CVSS
Vulnerabilities · 1
PT-2024-30294
7.5
2024-11-07
Linux · Linux Kernel · CVE-2024-43098
**Name of the Vulnerable Software and Affected Versions**

Linux kernel versions prior to 6.6.74

**Description**

A deadlock may occur in the Linux kernel because the `i3c_master_register()` function acquires `&i3cbus->lock` twice. This can happen when the `i3c_device_get_info()` function is called, leading to a deadlock. The issue is resolved by using `i3cdev->desc->info` instead of calling `i3c_device_get_info()`, which avoids acquiring the lock twice. The vulnerability is actively being exploited.

**Recommendations**

To resolve the issue, update the Linux kernel to version 6.6.74 or later. As a temporary workaround, consider disabling the `i3c_device_get_info()` function until a patch is available. Restrict access to the `i3c_bus_normaluse_lock` function to minimize the risk of exploitation. Avoid using the `i3c_device_uevent` function in the affected API endpoint until the issue is resolved.