CVE-2025-39680
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2025-09-05

Last updated on: 2025-11-25

Assigner: kernel.org

Description
In the Linux kernel, the following vulnerability has been resolved: i2c: rtl9300: Fix out-of-bounds bug in rtl9300_i2c_smbus_xfer The data->block[0] variable comes from user. Without proper check, the variable may be very large to cause an out-of-bounds bug. Fix this bug by checking the value of data->block[0] first. 1. commit 39244cc75482 ("i2c: ismt: Fix an out-of-bounds bug in ismt_access()") 2. commit 92fbb6d1296f ("i2c: xgene-slimpro: Fix out-of-bounds bug in xgene_slimpro_i2c_xfer()")
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-09-05
Last Modified
2025-11-25
Generated
2026-06-16
AI Q&A
2025-09-05
EPSS Evaluated
2026-06-14
NVD
CVE-2025-39680
Affected Vendors & Products
Showing 3 associated CPEs
Vendor Product Version / Range
linux linux_kernel 6.17
linux linux_kernel 6.17
linux linux_kernel From 5.15.160 (inc) to 5.16 (inc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-125 The product reads data past the end, or before the beginning, of the intended buffer.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability is an out-of-bounds bug in the Linux kernel's i2c rtl9300 driver. It occurs because the variable data->block[0], which comes from user input, is not properly checked and can be very large, leading to an out-of-bounds access. The bug was fixed by adding a check on the value of data->block[0] before using it.

Impact Analysis

This vulnerability can lead to out-of-bounds memory access in the Linux kernel, which may cause system instability, crashes, or potentially allow an attacker to execute arbitrary code or escalate privileges if exploited.

Mitigation Strategies

Apply the patch that fixes the out-of-bounds bug in the rtl9300_i2c_smbus_xfer function by ensuring the value of data->block[0] is properly checked before use. This involves updating the Linux kernel to the version that includes the fix described in the commit 39244cc75482 or later.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-39680. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart