Main Vulnerability Database SB2025100168

SB2025100168 - Integer underflow in Linux kernel i2c busses driver

Published: October 1, 2025

Security Bulletin ID SB2025100168

Severity

Low

Patch available

YES

Number of vulnerabilities 1

Exploitation vector Local access

Highest impact Code execution

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 1 security vulnerability.

1) Integer underflow (CVE-ID: CVE-2025-39928)

The vulnerability allows a local user to execute arbitrary code.

The vulnerability exists due to integer underflow within the rtl9300_i2c_config_xfer() function in drivers/i2c/busses/i2c-rtl9300.c. A local user can execute arbitrary code.

Remediation

Install update from vendor's website.

References

https://git.kernel.org/stable/c/06418cb5a1a542a003fdb4ad8e76ea542d57cfba
https://git.kernel.org/stable/c/c91382328fc89f73144d5582f2d8f1dd3e41c8f7