{"id":"CVE-2025-38380","details":"In the Linux kernel, the following vulnerability has been resolved:\n\ni2c/designware: Fix an initialization issue\n\nThe i2c_dw_xfer_init() function requires msgs and msg_write_idx from the\ndev context to be initialized.\n\namd_i2c_dw_xfer_quirk() inits msgs and msgs_num, but not msg_write_idx.\n\nThis could allow an out of bounds access (of msgs).\n\nInitialize msg_write_idx before calling i2c_dw_xfer_init().","modified":"2026-04-16T04:37:33.093336719Z","published":"2025-07-25T13:15:27Z","withdrawn":"2025-09-17T22:01:16.407963Z","related":["ALSA-2025:13960","ALSA-2025:13962","ALSA-2025:14009","SUSE-SU-2025:02853-1","SUSE-SU-2025:02923-1","SUSE-SU-2025:02969-1","SUSE-SU-2025:02996-1","SUSE-SU-2025:02997-1","SUSE-SU-2025:03011-1","SUSE-SU-2025:03023-1","SUSE-SU-2025:03615-1","SUSE-SU-2025:03628-1","SUSE-SU-2025:20577-1","SUSE-SU-2025:20586-1","SUSE-SU-2025:20601-1","SUSE-SU-2025:20602-1","SUSE-SU-2025:21074-1","SUSE-SU-2025:21139-1","SUSE-SU-2025:21179-1","SUSE-SU-2025:3716-1","SUSE-SU-2025:3761-1","openSUSE-SU-2025:20081-1"],"references":[{"type":"WEB","url":"https://git.kernel.org/stable/c/3d30048958e0d43425f6d4e76565e6249fa71050"},{"type":"WEB","url":"https://git.kernel.org/stable/c/475f89e1f9bde45fc948589e7cde1f5d899ae412"},{"type":"WEB","url":"https://git.kernel.org/stable/c/4c37963d67fb945a59faf53bebe048ca201e44df"},{"type":"WEB","url":"https://git.kernel.org/stable/c/5b622e672e49e50c33fc64cd06b05ce76e1de460"},{"type":"WEB","url":"https://git.kernel.org/stable/c/6358cb9c2a31e23b6b51bfcd7fe2b7becaf6b149"},{"type":"WEB","url":"https://git.kernel.org/stable/c/9b5b600e751fae92ba571b015eaf02c9c58e2083"},{"type":"ADVISORY","url":"https://security-tracker.debian.org/tracker/CVE-2025-38380"}],"affected":[{"package":{"name":"linux","ecosystem":"Debian:12","purl":"pkg:deb/debian/linux?arch=source"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"6.1.147-1"}]}],"versions":["6.1.106-1","6.1.106-2","6.1.106-3","6.1.112-1","6.1.115-1","6.1.119-1","6.1.123-1","6.1.124-1","6.1.128-1","6.1.129-1","6.1.133-1","6.1.135-1","6.1.137-1","6.1.139-1","6.1.140-1","6.1.27-1","6.1.37-1","6.1.38-1","6.1.38-2","6.1.38-2~bpo11+1","6.1.38-3","6.1.38-4","6.1.38-4~bpo11+1","6.1.52-1","6.1.55-1","6.1.55-1~bpo11+1","6.1.64-1","6.1.66-1","6.1.67-1","6.1.69-1","6.1.69-1~bpo11+1","6.1.76-1","6.1.76-1~bpo11+1","6.1.82-1","6.1.85-1","6.1.90-1","6.1.90-1~bpo11+1","6.1.94-1","6.1.94-1~bpo11+1","6.1.98-1","6.1.99-1"],"ecosystem_specific":{"urgency":"not yet assigned"},"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-38380.json"}},{"package":{"name":"linux","ecosystem":"Debian:13","purl":"pkg:deb/debian/linux?arch=source"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"6.12.37-1"}]}],"ecosystem_specific":{"urgency":"not yet assigned"},"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-38380.json"}},{"package":{"name":"linux","ecosystem":"Debian:14","purl":"pkg:deb/debian/linux?arch=source"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"6.12.37-1"}]}],"ecosystem_specific":{"urgency":"not yet assigned"},"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-38380.json"}}],"schema_version":"1.7.3"}