Bug 2383381 (CVE-2025-38380)

Summary: CVE-2025-38380 kernel: i2c/designware: Fix an initialization issue
Product: [Other] Security Response Reporter: OSIDB Bzimport <bzimport>
Component: vulnerabilityAssignee: Product Security DevOps Team <prodsec-dev>
Status: NEW --- QA Contact:
Severity: high Docs Contact:
Priority: high    
Version: unspecifiedKeywords: Security
Target Milestone: ---   
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: ---
Doc Text:
A vulnerability was found in an I2C driver in the Linux kernel. A missing variable initialization leads to an out-of-bounds memory access when handling certain I2C messages. By crafting malicious I2C messages, an attacker could leverage this vulnerability to cause a denial-of-service, or to overwrite or expose sensitive system memory.
 Story Points: ---
Clone Of: Environment:
Last Closed: Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description OSIDB Bzimport 2025-07-25 14:01:27 UTC 
In the Linux kernel, the following vulnerability has been resolved:

i2c/designware: Fix an initialization issue

The i2c_dw_xfer_init() function requires msgs and msg_write_idx from the
dev context to be initialized.

amd_i2c_dw_xfer_quirk() inits msgs and msgs_num, but not msg_write_idx.

This could allow an out of bounds access (of msgs).

Initialize msg_write_idx before calling i2c_dw_xfer_init().
Comment 1 Jon Moroney 2025-07-25 19:49:55 UTC 
Upstream advisory:
https://lore.kernel.org/linux-cve-announce/2025072505-CVE-2025-38380-d1a9@gregkh/T
Comment 4 errata-xmlrpc 2025-08-13 02:41:38 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support
  Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions
  Red Hat Enterprise Linux 8.6 Telecommunications Update Service

Via RHSA-2025:13776 https://access.redhat.com/errata/RHSA-2025:13776
Comment 5 errata-xmlrpc 2025-08-18 02:47:49 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2025:13960 https://access.redhat.com/errata/RHSA-2025:13960
Comment 6 errata-xmlrpc 2025-08-18 04:07:59 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9

Via RHSA-2025:13962 https://access.redhat.com/errata/RHSA-2025:13962
Comment 7 errata-xmlrpc 2025-08-18 11:54:53 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions

Via RHSA-2025:14003 https://access.redhat.com/errata/RHSA-2025:14003
Comment 8 errata-xmlrpc 2025-08-18 12:12:12 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions

Via RHSA-2025:14005 https://access.redhat.com/errata/RHSA-2025:14005
Comment 9 errata-xmlrpc 2025-08-18 14:03:29 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 10

Via RHSA-2025:14009 https://access.redhat.com/errata/RHSA-2025:14009
Comment 10 errata-xmlrpc 2025-08-19 00:18:37 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions

Via RHSA-2025:14054 https://access.redhat.com/errata/RHSA-2025:14054
Comment 11 errata-xmlrpc 2025-08-19 09:49:19 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9.4 Extended Update Support

Via RHSA-2025:14082 https://access.redhat.com/errata/RHSA-2025:14082
Comment 13 errata-xmlrpc 2025-08-25 01:53:51 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.8 Update Services for SAP Solutions
  Red Hat Enterprise Linux 8.8 Telecommunications Update Service

Via RHSA-2025:14418 https://access.redhat.com/errata/RHSA-2025:14418
Comment 16 errata-xmlrpc 2025-09-24 00:18:10 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions

Via RHSA-2025:16539 https://access.redhat.com/errata/RHSA-2025:16539
Comment 17 errata-xmlrpc 2025-09-24 00:19:25 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions

Via RHSA-2025:16541 https://access.redhat.com/errata/RHSA-2025:16541
Comment 18 errata-xmlrpc 2025-09-24 00:25:16 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9.4 Extended Update Support

Via RHSA-2025:16540 https://access.redhat.com/errata/RHSA-2025:16540
Comment 19 errata-xmlrpc 2025-09-24 00:27:32 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9

Via RHSA-2025:16538 https://access.redhat.com/errata/RHSA-2025:16538
Comment 20 errata-xmlrpc 2025-09-24 12:49:02 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions

Via RHSA-2025:16580 https://access.redhat.com/errata/RHSA-2025:16580
Comment 21 errata-xmlrpc 2025-09-24 13:00:19 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2025:16582 https://access.redhat.com/errata/RHSA-2025:16582
Comment 22 errata-xmlrpc 2025-09-24 13:03:09 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.8 Update Services for SAP Solutions

Via RHSA-2025:16583 https://access.redhat.com/errata/RHSA-2025:16583