CVE-2025-39928 — Integer Underflow (Wrap or Wraparound) in Linux
Severity
5.5 MEDIUM (NVD)
EPSS
0.0%
top 94.52%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
Published Oct 1
Description
In the Linux kernel, the following vulnerability has been resolved:
i2c: rtl9300: ensure data length is within supported range
Add an explicit check for the xfer length to 'rtl9300_i2c_config_xfer'
to ensure the data length isn't within the supported range. In
particular a data length of 0 is not supported by the hardware and
causes unintended or destructive behaviour.
This limitation becomes obvious when looking at the register
documentation [1]. 4 bits are reserved for DATA_WIDTH and the va…
CVSS vector
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Exploitability: 1.8 | Impact: 3.6
Affected Packages: 7 packages
CVEListV5: linux/linux c366be720235301fdadf67e6f1ea6ff32669c074 — c91382328fc89f73144d5582f2d8f1dd3e41c8f7 (+2)
Patches
Vulnerability Details (2)
OSV
CVE-2025-39928: In the Linux kernel, the following vulnerability has been resolved: i2c: rtl9300: ensure data length is within supported range Add an explicit check f (2025-10-01)
GHSA
GHSA-m43q-hvcx-4pxc: In the Linux kernel, the following vulnerability has been resolved:
i2c: rtl9300: ensure data length is within supported range
Add an explicit check (2025-10-01)
Vendor Advisories (3)
Debian
CVE-2025-39928: linux - In the Linux kernel, the following vulnerability has been resolved: i2c: rtl930... (2025)
Microsoft
NULL pointer exception in the IEEE 802.11 dissector in Wireshark 3.4.0 to 3.4.9 and 3.2.0 to 3.2.17 allows denial of service via packet injection or crafted capture file (2021-11-09)