diff --git a/drivers/media/usb/dvb-usb-v2/az6007.c b/drivers/media/usb/dvb-usb-v2/az6007.c
index 65ef045b74ca..784cba9c15ef 100644
--- a/drivers/media/usb/dvb-usb-v2/az6007.c
+++ b/drivers/media/usb/dvb-usb-v2/az6007.c
@@ -751,6 +751,9 @@ static int az6007_i2c_xfer(struct i2c_adapter *adap, struct i2c_msg msgs[],
 int length;
 u8 req, addr;
+ if (!usb_trylock_device(d->udev))
+ return -EBUSY;
+ if (mutex_lock_interruptible(&st->mutex) < 0) {
+ usb_unlock_device(d->udev);
 return -EAGAIN;
 }
@@ -757,6 +760,10 @@ static int az6007_i2c_xfer(struct i2c_adapter *adap, struct i2c_msg msgs[],
 for (i = 0; i < num; i++) {
 addr = msgs[i].addr << 1;
+ if (msgs[i].len < 1 || msgs[i].len >= sizeof(st->data) - 6) {
+ ret = -EIO;
+ goto err;
+ }
 if (((i + 1) < num) && (msgs[i].len == 1) && ((msgs[i].flags & I2C_M_RD) != I2C_M_RD)
@@ -821,6 +828,7 @@ static int az6007_i2c_xfer(struct i2c_adapter *adap, struct i2c_msg msgs[],
 }
 err:
 mutex_unlock(&st->mutex);
+ usb_unlock_device(d->udev);
 if (ret < 0) {
 pr_info("%s ERROR: %i\n", __func__, ret);
 return ret;
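Review bot: The `usb_trylock_device(d->udev)` guard added at the top of az6007_i2c_xfer fails the transfer with -EBUSY whenever any other context holds the USB device lock, and nothing in the hunk says what the lock is meant to protect. If I2C transfers are ever issued from a path that already holds that lock (probe, reset and disconnect handling commonly do; the callers are not in this diff), they would now fail instead of completing, so frontend and tuner attach should be tested with this change. If the intent is to keep a transfer from overlapping a reset or disconnect, state it above the check, e.g. `/* Hold the device lock so a transfer cannot overlap reset/disconnect; fail with -EBUSY rather than sleep. */`. The matching `usb_unlock_device()` is added at `err:` in the last hunk, and the function body between the hunks is outside the diff, so confirm no `return` in the loop bypasses `err:`.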
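Review bot: The new length check covers only `msgs[i]`, while the condition that begins right after it tests `(i + 1) < num`, which looks like the start of a combined write-then-read case that would take its read length from `msgs[i + 1]`. If that branch uses `msgs[i + 1].len` and then steps `i` past the second message (the body is outside this hunk), that length never reaches this check and can still be larger than `st->data` allows. Apply the same bound there, `if (msgs[i + 1].len < 1 || msgs[i + 1].len >= sizeof(st->data) - 6)` with the same `ret = -EIO; goto err;` body. The bare `6` also deserves a named constant or a comment saying which bytes of `st->data` it reserves, since reads and writes may not use the same offset.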