CVE-2025-39809

7.8 HIGH

📋 TL;DR

A stack buffer overflow in the Linux kernel's Intel QuickI2C driver (intel_quicki2c, part of the Intel THC-HID stack): in quicki2c_acpi_get_dsd_property() the return data of the ACPI _DSD methods that supply the ICRS/ISUB values is copied into a fixed-size stack buffer, and data larger than that buffer is written past its end. Only systems with Intel THC-HID hardware are affected, and the attack vector is local. The outcome is a kernel crash (the public trace is a KASAN stack-out-of-bounds report) or, in the worst case, stack corruption that could be leveraged for privilege escalation.

💻 Affected Systems

Products:
  • Linux kernel with Intel QuickI2C driver (intel_quicki2c)
Versions: Linux kernel versions before fixes in commits 1db9df89a213318a48d958385dc1b17b379dc32b and 4adce86d4b13d15dec7810967839b931b1598700
Operating Systems: Linux distributions with vulnerable kernel versions
Default Config Vulnerable: ⚠️ Yes
Notes: Requires Intel THC-HID hardware with ACPI DSD methods returning ICRS/ISUB data. Systems without this specific hardware are not affected.
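The mechanism described above, as an added example that is not the driver's or the kernel's own code: a stand-in for the decoded _DSD result (struct dsd_value), a modelled stack frame (struct frame) whose dsd_buf holds the two bytes the driver expects next to a sentinel standing in for adjacent stack data, an unchecked copy that trusts the firmware-reported length, and the bounded copy a fix would use. All names, the error codes (-EINVAL, -E2BIG), the buffer sizes and the sample firmware results are assumptions made for this illustration.

```c
/*
 * Added illustration, not intel_quicki2c driver or kernel code: the bug class
 * behind CVE-2025-39809 (a firmware-supplied ACPI _DSD result copied into a
 * fixed-size stack buffer with no length check) beside the bounded copy a fix
 * would use. Struct names, sizes, error codes and sample data are assumptions.
 */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

enum { DSD_TYPE_INTEGER = 1, DSD_TYPE_BUFFER = 3 };
/* Stand-in for a decoded ACPI object returned by a _DSD method. */
struct dsd_value {
	int type;              /* DSD_TYPE_INTEGER or DSD_TYPE_BUFFER */
	size_t length;         /* bytes in data[]; chosen by firmware, not the driver */
	const uint8_t *data;
};

/* Model of the driver's stack frame: the small destination buffer plus whatever
 * the compiler placed after it (canary, saved registers, return address).
 * One struct, so the corruption is observable without a real stack layout. */
struct frame {
	uint8_t dsd_buf[2];    /* the driver expects a 16-bit value here */
	uint32_t neighbour;    /* adjacent stack data; must never change */
};

#define NEIGHBOUR_SENTINEL 0xA5A5A5A5u

/* Vulnerable pattern: the copy length is whatever the firmware reported. */
static int dsd_copy_unchecked(struct frame *f, const struct dsd_value *v)
{
	if (v->length > sizeof(*f))  /* keeps this model in bounds; the driver had no guard */
		return -1;
	/* Same effect as memcpy(f->dsd_buf, v->data, v->length) on a real stack. */
	memcpy((uint8_t *)f, v->data, v->length);
	return 0;
}

/* Hardened pattern: validate type and length against the destination first. */
static int dsd_copy_checked(struct frame *f, const struct dsd_value *v)
{
	if (v->type != DSD_TYPE_BUFFER)
		return -22;            /* -EINVAL: unexpected object type from firmware */
	if (v->length > sizeof(f->dsd_buf))
		return -7;             /* -E2BIG: result would not fit in dsd_buf */
	memcpy(f->dsd_buf, v->data, v->length);
	return 0;
}

/* Run one copy routine on a fresh frame; *intact reports whether neighbour survived. */
static int probe_with(int (*copy)(struct frame *, const struct dsd_value *),
		      const struct dsd_value *v, int *intact)
{
	struct frame f;
	memset(f.dsd_buf, 0, sizeof(f.dsd_buf));
	f.neighbour = NEIGHBOUR_SENTINEL;
	int rc = copy(&f, v);
	*intact = (f.neighbour == NEIGHBOUR_SENTINEL);
	return rc;
}

/* Constructed sample results (not real ACPI table contents). */
static const uint8_t well_formed[2] = { 0x34, 0x12 };
static const uint8_t oversized[6]   = { 0x34, 0x12, 0x41, 0x41, 0x41, 0x41 };
static const struct dsd_value good_result = { DSD_TYPE_BUFFER,  sizeof(well_formed), well_formed };
static const struct dsd_value long_result = { DSD_TYPE_BUFFER,  sizeof(oversized),   oversized };
static const struct dsd_value wrong_type  = { DSD_TYPE_INTEGER, sizeof(oversized),   oversized };

/* Each returns 1 when the statement in its name holds. */
int unchecked_corrupts_neighbour(void)
{
	int intact;
	probe_with(dsd_copy_unchecked, &long_result, &intact);
	return !intact;
}
int checked_rejects_oversized(void)
{
	int intact;
	return probe_with(dsd_copy_checked, &long_result, &intact) == -7 && intact;
}
int checked_rejects_wrong_type(void)
{
	int intact;
	return probe_with(dsd_copy_checked, &wrong_type, &intact) == -22 && intact;
}
int checked_accepts_well_formed(void)
{
	int intact;
	return probe_with(dsd_copy_checked, &good_result, &intact) == 0 && intact;
}

int main(void)
{
	printf("unchecked copy corrupts adjacent stack data: %d\n", unchecked_corrupts_neighbour());
	printf("checked copy rejects oversized result:      %d\n", checked_rejects_oversized());
	printf("checked copy rejects wrong object type:     %d\n", checked_rejects_wrong_type());
	printf("checked copy accepts well-formed result:    %d\n", checked_accepts_well_formed());
	return 0;
}
```

Build with a plain cc and run it; the four entry points return 1 when the statement in their name holds. The unchecked copy overwrites neighbour with firmware-chosen bytes, which is what a stack canary or return address would receive on a real stack, while the checked version refuses anything that is not a buffer of at most sizeof(dsd_buf) bytes before it touches the stack at all.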

📦 What is this software?

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

⚠️ Risk & Real-World Impact

🔴

Worst Case

Local privilege escalation to kernel mode, complete system compromise, or persistent denial of service.

🟠

Likely Case

Kernel panic leading to system crash and denial of service, requiring physical or remote console access to recover.

🟢

If Mitigated

With the module blacklisted there is no exposure. On a kernel built with CONFIG_STACKPROTECTOR_STRONG, an overflow that reaches the stack canary ends in a panic rather than hijacked control flow, so the realistic outcome is a crash and reboot. KASAN is debugging instrumentation that reports the bug; it is not a production mitigation and is normally not enabled in distribution kernels.

🌐 Internet-Facing: LOW - Requires local access to the system, not directly exploitable over network.
🏢 Internal Only: MEDIUM - Local users or compromised services could exploit this to crash systems or potentially escalate privileges.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Requires local access and the specific hardware. The public report is a KASAN stack-out-of-bounds splat, i.e. the bug was found with debug instrumentation; on a production kernel the same write goes unreported, and turning an overflow of firmware-supplied _DSD data into reliable code execution is considerably harder than producing a crash.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Linux kernel with commits 1db9df89a213318a48d958385dc1b17b379dc32b and 4adce86d4b13d15dec7810967839b931b1598700 applied

Vendor Advisory: https://git.kernel.org/stable/c/1db9df89a213318a48d958385dc1b17b379dc32b

Restart Required: Yes

Instructions:

1. Update the Linux kernel to a build that contains the fix commits (for a distribution kernel, check the package changelog or the vendor's security tracker for CVE-2025-39809).
2. Reboot so the new kernel is running.
3. Confirm with uname -r that the patched kernel is the one booted, and that intel_quicki2c, if loaded, comes from that kernel.

🔧 Temporary Workarounds

Disable Intel QuickI2C driver

linux

Blacklist the intel_quicki2c module so it is never loaded. This only works when the driver is built as a module (check with modinfo intel_quicki2c); if it is built into the kernel image, blacklisting has no effect and the kernel must be updated. Disabling the driver also disables the HID devices attached through it.

# 'blacklist' only stops alias auto-loading; 'install ... /bin/false' also refuses an explicit modprobe
echo 'blacklist intel_quicki2c' >> /etc/modprobe.d/blacklist-intel-quicki2c.conf
echo 'install intel_quicki2c /bin/false' >> /etc/modprobe.d/blacklist-intel-quicki2c.conf
update-initramfs -u   # Debian/Ubuntu; on Fedora/RHEL-family systems use: dracut -f
reboot

Booting with acpi=off (not recommended)

linux

Adding acpi=off to the kernel command line in /etc/default/grub is not a practical mitigation. There is no kernel parameter that hides a single _DSD method; acpi=off disables ACPI entirely, which on modern x86 systems usually breaks CPU enumeration, power management and device discovery, and the THC device itself is enumerated through ACPI. Blacklist the module instead.

🧯 If You Can't Patch

  • Restrict local user access to systems with the affected hardware
  • Blacklist the intel_quicki2c module (see the workaround above) if the HID devices it drives are not needed
  • Prefer kernels built with CONFIG_STACKPROTECTOR_STRONG, which turns a canary-clobbering stack overflow into a panic instead of a control-flow hijack. KASAN is a debugging tool rather than a production hardening option, and KPTI addresses a different problem (Meltdown-style kernel memory disclosure) and does nothing for this bug.

🔍 How to Verify

Check if Vulnerable:

Check whether the driver exists on the system and is loaded: modinfo intel_quicki2c (module present) and lsmod | grep intel_quicki2c (module loaded). A system where the module is loaded on a kernel without the fix commits is vulnerable; a system without Intel THC-HID hardware never loads it.

Check Version:

uname -r

Verify Fix Applied:

Confirm that the running kernel contains the fix commits (package changelog, the vendor's security tracker for CVE-2025-39809, or git log on a self-built kernel). Do not rely on the absence of stack-out-of-bounds messages in dmesg: only a KASAN-enabled build reports the bug that way, and a production kernel logs nothing until it crashes.

📡 Detection & Monitoring

Log Indicators:

  • Kernel logs showing 'KASAN: stack-out-of-bounds' errors (only on kernels built with KASAN)
  • Kernel panic messages mentioning quicki2c_acpi_get_dsd_property
  • System crashes with intel_quicki2c module in stack trace

Network Indicators:

  • None - this is a local vulnerability

SIEM Query:

source="kernel" AND ("stack-out-of-bounds" OR "quicki2c" OR "intel_quicki2c")
