PT-2025-40102 · Linux · Linux Kernel

Published 2025-08-31 · Updated 2025-12-11 · CVE-2025-39928

CVSS v3.1: 5.5 Medium

Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified)

Description: A flaw exists in the Linux kernel's i2c subsystem, specifically in the rtl9300 driver. The issue stems from a missing check on the data length during i2c transfers. A data length of 0, which the hardware does not support, causes an integer underflow and an unintended transfer length of 16 bytes. This can have destructive effects, such as soft-bricking SFP modules with write-protected EEPROM by overwriting their initial bytes. The root cause is the calculation (len - 1) & 0xf, which sets the transfer-length field incorrectly when len is 0: the subtraction wraps, the low four bits are all set, and the hardware is told to move 16 bytes. The issue is reachable through the SMBus Quick Operation, which uses a data length of 0.

Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.
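The following is an added example, not the advisory's or the kernel's own code: a constructed model of the length encoding described above, showing the vulnerable expression beside a hardened version that rejects unsupported lengths before the subtraction. Register and helper names are illustrative assumptions; the model also covers lengths above 16, which the 4-bit mask would silently truncate.

```c
#include <stdio.h>
#include <stdint.h>
#include <errno.h>

/* Constructed model of the rtl9300 i2c length encoding described in the
 * advisory: the hardware field holds (len - 1) in four bits, so a field
 * value of 0 means 1 byte and 0xf means 16 bytes. The macro and function
 * names here are illustrative, not the driver's own identifiers. */
#define XFER_LEN_MASK 0xfu
#define XFER_MAX_LEN  16u

/* Vulnerable form: mirrors the advisory's root-cause expression. With
 * len == 0 the unsigned subtraction wraps, the low four bits are all set,
 * and the hardware is told to move 16 bytes instead of none. */
static unsigned int vuln_encode_len(unsigned int len)
{
    return (len - 1) & XFER_LEN_MASK;
}

/* Hardened form: reject lengths the hardware cannot express (0, or more
 * than 16) before computing the field. Returns the 4-bit field value, or
 * -EOPNOTSUPP so the caller can fail the transfer cleanly. */
static int safe_encode_len(unsigned int len)
{
    if (len == 0 || len > XFER_MAX_LEN)
        return -EOPNOTSUPP;
    return (int)((len - 1) & XFER_LEN_MASK);
}

/* Decode a field value back to the byte count the hardware would transfer. */
static unsigned int field_to_bytes(unsigned int field)
{
    return (field & XFER_LEN_MASK) + 1;
}

int main(void)
{
    /* Constructed sample lengths: the SMBus Quick case (0), the minimum,
     * the maximum, and one byte past the maximum. */
    unsigned int lens[] = { 0, 1, 16, 17 };
    for (size_t i = 0; i < sizeof lens / sizeof lens[0]; i++) {
        unsigned int l = lens[i];
        int safe = safe_encode_len(l);
        printf("len=%2u  vulnerable -> %2u bytes  hardened -> %s\n",
               l, field_to_bytes(vuln_encode_len(l)),
               safe < 0 ? "rejected" : "accepted");
    }
    return 0;
}
```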

Exploit

Integer Underflow

Weakness Enumeration

Related Identifiers

BDU:2026-04493
CVE-2025-39928

Affected Products

Astra Linux
Linux Kernel
Rtl9300