CVE-2025-38380

In the Linux kernel, the following vulnerability has been resolved:

i2c/designware: Fix an initialization issue

The i2c_dw_xfer_init() function requires msgs and msg_write_idx from the
dev context to be initialized.

amd_i2c_dw_xfer_quirk() inits msgs and msgs_num, but not msg_write_idx.

This could allow an out of bounds access (of msgs).

Initialize msg_write_idx before calling i2c_dw_xfer_init().
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
UNKNOWN
---
LinuxCNA
---
---
Awaiting analysis
This vulnerability is currently awaiting analysis.
Base Score
CVSS 3.x
EPSS Score
Percentile: Unknown
Debian logo
Debian Releases
Debian Product
Codename
linux
bullseye
5.10.223-1
not-affected
bullseye (security)
5.10.237-1
fixed
bookworm
vulnerable
bookworm (security)
vulnerable
trixie
6.12.38-1
fixed
sid
6.12.38-1
fixed
trixie (security)
vulnerable
References
https://git.kernel.org/stable/c/3d30048958e0d43425f6d4e76565e6249fa71050
https://git.kernel.org/stable/c/475f89e1f9bde45fc948589e7cde1f5d899ae412
https://git.kernel.org/stable/c/4c37963d67fb945a59faf53bebe048ca201e44df
https://git.kernel.org/stable/c/5b622e672e49e50c33fc64cd06b05ce76e1de460
https://git.kernel.org/stable/c/6358cb9c2a31e23b6b51bfcd7fe2b7becaf6b149
https://git.kernel.org/stable/c/9b5b600e751fae92ba571b015eaf02c9c58e2083