Linux Kernel i2c Designware Out-of-Bounds Access Vulnerability

Vulnerability

A vulnerability in the Linux kernel's i2c/designware component has been addressed. The issue arose because the i2c_dw_xfer_init() function required certain parameters from the device context to be initialized, but the amd_i2c_dw_xfer_quirk() function did not properly initialize the msg_write_idx. This oversight could lead to an out-of-bounds access of the msgs array. The vulnerability has been fixed by ensuring that msg_write_idx is initialized before i2c_dw_xfer_init() is called.

Impact

Exploitation of this vulnerability could lead to out-of-bounds memory access, potentially causing undefined behavior such as memory corruption or allowing an attacker to execute arbitrary code.

Added: Jul 25, 2025, 2:22 PM

Updated: Jul 25, 2025, 6:52 PM

Vulnerability Rating

Custom Algorithm

spread

9.0

impact

0.6

exploitability

5.3

remediation

0.0

relevance

0.3

threat

3.2

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

9.0

impact

0.6

exploitability

5.3

remediation

0.0

relevance

0.3

threat

3.2

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Linux Kernel i2c Designware Out-of-Bounds Access Vulnerability

Vulnerability

Impact

Affected Products

Linux kernel

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating