{
  "threat_severity" : "Moderate",
  "public_date" : "2025-07-25T00:00:00Z",
  "bugzilla" : {
    "description" : "kernel: Linux kernel (i2c Tegra): Information disclosure or denial of service via SMBUS block read with invalid length",
    "id" : "2383461",
    "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=2383461"
  },
  "cvss3" : {
    "cvss3_base_score" : "6.0",
    "cvss3_scoring_vector" : "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:H",
    "status" : "verified"
  },
  "cwe" : "CWE-130",
  "details" : [ "In the Linux kernel, the following vulnerability has been resolved:\ni2c: tegra: check msg length in SMBUS block read\nFor SMBUS block read, do not continue to read if the message length\npassed from the device is '0' or greater than the maximum allowed bytes.", "A flaw was found in the Linux kernel's i2c Tegra driver. A local attacker with high privileges could exploit this vulnerability by providing a specially crafted SMBUS (System Management Bus) block read message with an invalid length. This could lead to an out-of-bounds read, potentially resulting in information disclosure or a denial of service (DoS) on the system." ],
  "affected_release" : [ {
    "product_name" : "Red Hat Enterprise Linux 10",
    "release_date" : "2025-07-21T00:00:00Z",
    "advisory" : "RHSA-2025:11428",
    "cpe" : "cpe:/o:redhat:enterprise_linux:10.0",
    "package" : "kernel-0:6.12.0-55.22.1.el10_0"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9",
    "release_date" : "2025-07-21T00:00:00Z",
    "advisory" : "RHSA-2025:11411",
    "cpe" : "cpe:/a:redhat:enterprise_linux:9",
    "package" : "kernel-0:5.14.0-570.28.1.el9_6"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9",
    "release_date" : "2025-07-21T00:00:00Z",
    "advisory" : "RHSA-2025:11411",
    "cpe" : "cpe:/o:redhat:enterprise_linux:9",
    "package" : "kernel-0:5.14.0-570.28.1.el9_6"
  } ],
  "package_state" : [ {
    "product_name" : "Red Hat Enterprise Linux 6",
    "fix_state" : "Not affected",
    "package_name" : "kernel",
    "cpe" : "cpe:/o:redhat:enterprise_linux:6"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7",
    "fix_state" : "Not affected",
    "package_name" : "kernel",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7",
    "fix_state" : "Not affected",
    "package_name" : "kernel-rt",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8",
    "fix_state" : "Not affected",
    "package_name" : "kernel",
    "cpe" : "cpe:/o:redhat:enterprise_linux:8"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8",
    "fix_state" : "Not affected",
    "package_name" : "kernel-rt",
    "cpe" : "cpe:/o:redhat:enterprise_linux:8"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9",
    "fix_state" : "Affected",
    "package_name" : "kernel-rt",
    "cpe" : "cpe:/o:redhat:enterprise_linux:9"
  } ],
  "references" : [ "https://www.cve.org/CVERecord?id=CVE-2025-38425\nhttps://nvd.nist.gov/vuln/detail/CVE-2025-38425\nhttps://lore.kernel.org/linux-cve-announce/2025072555-CVE-2025-38425-d34f@gregkh/T" ],
  "name" : "CVE-2025-38425",
  "csaw" : false
}