CVE-2025-39928— i2c: rtl9300: ensure data length is within supported range
Affected Version Matrix 6
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2025-39928
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
i2c: rtl9300: ensure data length is within supported range
Source: NVD (National Vulnerability Database)
Vulnerability Description
In the Linux kernel, the following vulnerability has been resolved: i2c: rtl9300: ensure data length is within supported range Add an explicit check for the xfer length to 'rtl9300_i2c_config_xfer' to ensure the data length isn't within the supported range. In particular a data length of 0 is not supported by the hardware and causes unintended or destructive behaviour. This limitation becomes obvious when looking at the register documentation [1]. 4 bits are reserved for DATA_WIDTH and the value of these 4 bits is used as N + 1, allowing a data length range of 1 <= len <= 16. Affected by this is the SMBus Quick Operation which works with a data length of 0. Passing 0 as the length causes an underflow of the value due to: (len - 1) & 0xf and effectively specifying a transfer length of 16 via the registers. This causes a 16-byte write operation instead of a Quick Write. For example, on SFP modules without write-protected EEPROM this soft-bricks them by overwriting some initial bytes. For completeness, also add a quirk for the zero length. [1] https://svanheule.net/realtek/longan/register/i2c_mst1_ctrl2
Source: NVD (National Vulnerability Database)
CVSS Information
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Type
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Title
Linux kernel 安全漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Linux kernel是美国Linux基金会的开源操作系统Linux所使用的内核。 Linux kernel存在安全漏洞,该漏洞源于未检查数据长度是否在支持范围内,可能导致整数下溢和意外行为。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
II. Public POCs for CVE-2025-39928
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2025-39928
请登录查看更多情报信息。
Same Patch Batch · Linux · 2025-10-01 · 169 CVEs total
| CVE-2022-50462 | MIPS: vpe-mt: fix possible memory leak while module exiting | |
| CVE-2022-50452 | net: sched: cake: fix null pointer access issue when cake_init() fails | |
| CVE-2022-50451 | fs/ntfs3: Fix memory leak on ntfs_fill_super() error path | |
| CVE-2022-50453 | gpiolib: cdev: fix NULL-pointer dereferences | |
| CVE-2022-50454 | drm/nouveau: fix a use-after-free in nouveau_gem_prime_import_sg_table() | |
| CVE-2022-50457 | mtd: core: Fix refcount error in del_mtd_device() | |
| CVE-2022-50456 | btrfs: fix resolving backrefs for inline extent followed by prealloc | |
| CVE-2022-50458 | clk: tegra: Fix refcount leak in tegra210_clock_init | |
| CVE-2022-50460 | cifs: Fix xid leak in cifs_flock() | |
| CVE-2022-50459 | scsi: iscsi: iscsi_tcp: Fix null-ptr-deref while calling getpeername() | |
| CVE-2022-50461 | net: ethernet: ti: am65-cpsw: Fix PM runtime leakage in am65_cpsw_nuss_ndo_slave_open() | |
| CVE-2022-50467 | scsi: lpfc: Fix null ndlp ptr dereference in abnormal exit path for GFT_ID | |
| CVE-2023-53488 | IB/hfi1: Fix possible panic during hotplug remove | |
| CVE-2023-53489 | tcp/udp: Fix memleaks of sk and zerocopy skbs with TX timestamp. | |
| CVE-2022-50469 | staging: rtl8723bs: fix potential memory leak in rtw_init_drv_sw() | |
| CVE-2022-50468 | platform/chrome: cros_usbpd_notify: Fix error handling in cros_usbpd_notify_init() | |
| CVE-2022-50465 | ext4: fix leaking uninitialized memory in fast-commit journal | |
| CVE-2022-50463 | powerpc/52xx: Fix a resource leak in an error handling path | |
| CVE-2022-50464 | mt76: mt7915: Fix PCI device refcount leak in mt7915_pci_init_hif2() | |
| CVE-2022-50448 | mm/uffd: fix warning without PTE_MARKER_UFFD_WP compiled in |
Showing top 20 of 169 CVEs. View all on vendor page → →
IV. Related Vulnerabilities
Same product: Linux
- CVE-2026-46333
ptrace: slightly saner 'get_dumpable()' logic - CVE-2026-43490
ksmbd: validate inherited ACE SID length - CVE-2026-43489
liveupdate: luo_file: remember retrieve() status - CVE-2026-43487
ata: libata-core: Disable LPM on ST1000DM010-2EP102 - CVE-2026-43488
usb: xhci: Prevent interrupt storm on host controller error
Same vendor: Linux
- CVE-2026-46333
ptrace: slightly saner 'get_dumpable()' logic - CVE-2026-43490
ksmbd: validate inherited ACE SID length - CVE-2026-43489
liveupdate: luo_file: remember retrieve() status - CVE-2026-43487
ata: libata-core: Disable LPM on ST1000DM010-2EP102 - CVE-2026-43488
usb: xhci: Prevent interrupt storm on host controller error
V. Comments for CVE-2025-39928
No comments yet