Initialization Issue in Linux Kernel's I2C Designware Product
CVE-2025-38380

Currently unrated

Key Information:

Vendor: Linux
Status: Linux
Vendor: CVE Published:; 25 July 2025

What is CVE-2025-38380?

A vulnerability in the Linux kernel's I2C Designware subsystem arises from an initialization oversight. Specifically, the function i2c_dw_xfer_init() relies on properly initialized parameters, but msg_write_idx was not set prior to invoking this function. This oversight can lead to out-of-bounds access of the msgs array, potentially causing unexpected behavior or data corruption. A fix has been implemented to ensure msg_write_idx is initialized correctly, preventing the occurrence of this vulnerability.

Affected Version(s)

Linux 17631e8ca2d3421090e54b39d9a1402091019ba1 < 475f89e1f9bde45fc948589e7cde1f5d899ae412

Linux 17631e8ca2d3421090e54b39d9a1402091019ba1 < 5b622e672e49e50c33fc64cd06b05ce76e1de460

Linux 17631e8ca2d3421090e54b39d9a1402091019ba1 < 6358cb9c2a31e23b6b51bfcd7fe2b7becaf6b149

References

https://git.kernel.org/stable/c/475f89e1f9bde45fc948589e7...

https://git.kernel.org/stable/c/5b622e672e49e50c33fc64cd0...

https://git.kernel.org/stable/c/6358cb9c2a31e23b6b51bfcd7...

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jul 25, 2025
Vulnerability Reserved
Apr 16, 2025