I2C Vulnerability in Realtek RTL9300 Chipset Affects Linux Kernel
CVE-2025-39928
Currently unrated
What is CVE-2025-39928?
A vulnerability in the Linux kernel affects I2C communication on the Realtek RTL9300. The issue arises when the data length is set to 0, a value the hardware does not support, which leads to unintended behavior such as an underflow in the register calculations. The SMBus Quick operation is affected: an erroneous 16-byte transfer is issued instead of the intended Quick Write. This can have severe consequences, including potentially bricking devices whose EEPROM is not write-protected. Adding robust checks on the data length is vital to mitigate these risks.
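The underflow and the range check described above, shown in a small model. This is an added example, not code from the kernel driver: it assumes a 4-bit length field that stores the length minus one, and the names `config_xfer_unchecked`, `config_xfer_checked` and `hw_bytes_moved` are hypothetical.

```c
#include <errno.h>
#include <stdint.h>
#include <stdio.h>

/* Assumed model (not the driver's real register layout): a 4-bit length
 * field that stores (len - 1), so the hardware can move 1..16 bytes. */
#define LEN_FIELD_MASK 0xFu
#define XFER_MAX_LEN   16

/* Bytes the controller will actually move for a given field value. */
static unsigned hw_bytes_moved(uint32_t field)
{
    return (field & LEN_FIELD_MASK) + 1;
}

/* Unchecked form: len == 0 makes (len - 1) wrap, and the masked field
 * becomes 0xF, which the hardware reads as a 16-byte transfer. */
static int config_xfer_unchecked(unsigned len, uint32_t *field)
{
    *field = (len - 1) & LEN_FIELD_MASK;
    return 0;
}

/* Checked form: refuse any length the field cannot represent. */
static int config_xfer_checked(unsigned len, uint32_t *field)
{
    if (len < 1 || len > XFER_MAX_LEN)
        return -EINVAL;
    *field = (len - 1) & LEN_FIELD_MASK;
    return 0;
}

int main(void)
{
    /* Constructed inputs: 0 is the SMBus Quick length, 17 is oversized. */
    const unsigned lens[] = { 0, 1, 16, 17 };
    for (size_t i = 0; i < sizeof(lens) / sizeof(lens[0]); i++) {
        uint32_t f = 0;
        int rc = config_xfer_checked(lens[i], &f);
        config_xfer_unchecked(lens[i], &f);
        printf("len=%2u unchecked moves %2u bytes, checked rc=%d\n",
               lens[i], hw_bytes_moved(f), rc);
    }
    return 0;
}
```

In this model an oversized length is just as silent as a zero length: 17 is truncated by the mask to a 1-byte transfer, which is why the check bounds both ends of the range.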
Affected Version(s)
Linux c366be720235301fdadf67e6f1ea6ff32669c074
Linux c366be720235301fdadf67e6f1ea6ff32669c074 < 06418cb5a1a542a003fdb4ad8e76ea542d57cfba
Linux 6.13