CVE-2025-39680

Summary

In the Linux kernel, the following vulnerability has been resolved:

i2c: rtl9300: Fix out-of-bounds bug in rtl9300_i2c_smbus_xfer

The data->block[0] variable comes from user. Without proper check, the variable may be very large to cause an out-of-bounds bug.

Fix this bug by checking the value of data->block[0] first.

  1. commit 39244cc75482 ("i2c: ismt: Fix an out-of-bounds bug in ismt_access()")
  2. commit 92fbb6d1296f ("i2c: xgene-slimpro: Fix out-of-bounds bug in xgene_slimpro_i2c_xfer()")

Affected Software

VendorProductVersion RangeStatus
LinuxLinuxc366be720235301fdadf67e6f1ea6ff32669c074 < 071e43fcba5ddd9a7813e6cc0aa10299eae41b21affected
LinuxLinuxc366be720235301fdadf67e6f1ea6ff32669c074 < 57f312b955938fc4663f430cb57a71f2414f601baffected
LinuxLinux6.13affected
LinuxLinux0 < 6.13unaffected
LinuxLinux6.16.4 <= 6.16.*unaffected
LinuxLinux6.17 <= *unaffected

Weaknesses

References