-

CVE-2025-39937

EPSS 0.02%
Veröffentlicht 04.10.2025 07:31:00
Zuletzt bearbeitet 06.10.2025 14:56:47
Quelle 416baaa9-dc9f-4396-8d5f-8c081f
Teams Watchlist Login
Unerledigt Login

In the Linux kernel, the following vulnerability has been resolved:

net: rfkill: gpio: Fix crash due to dereferencering uninitialized pointer

Since commit 7d5e9737efda ("net: rfkill: gpio: get the name and type from
device property") rfkill_find_type() gets called with the possibly
uninitialized "const char *type_name;" local variable.

On x86 systems when rfkill-gpio binds to a "BCM4752" or "LNV4752"
acpi_device, the rfkill->type is set based on the ACPI acpi_device_id:

        rfkill->type = (unsigned)id->driver_data;

and there is no "type" property so device_property_read_string() will fail
and leave type_name uninitialized, leading to a potential crash.

rfkill_find_type() does accept a NULL pointer, fix the potential crash
by initializing type_name to NULL.

Note likely sofar this has not been caught because:

1. Not many x86 machines actually have a "BCM4752"/"LNV4752" acpi_device
2. The stack happened to contain NULL where type_name is stored

Betroffene Produkte Warnungen 0 Metriken 1 CWE 0 Referenzen 11

Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD

Diese Information steht angemeldeten Benutzern zur Verfügung.

Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).

HerstellerLinux

≫

Produkt Linux

Default Statusunaffected

Version < 184f608a68f96794e8fe58cd5535014d53622cde

Version 7d5e9737efda16535e5b54bd627ef4881d11d31f

Status affected

Version < 8793e7a8e1b60131a825457174ed6398111daeb7

Version 7d5e9737efda16535e5b54bd627ef4881d11d31f

Status affected

Version < ada2282259243387e6b6e89239aeb4897e62f051

Version 7d5e9737efda16535e5b54bd627ef4881d11d31f

Status affected

Version < 47ade5f9d70b23a119ec20b1c6504864b2543a79

Version 7d5e9737efda16535e5b54bd627ef4881d11d31f

Status affected

Version < 689aee35ce671aab752f159e5c8e66d7685e6887

Version 7d5e9737efda16535e5b54bd627ef4881d11d31f

Status affected

Version < 21ba85d9d508422ca9e6698463ff9357c928c22d

Version 7d5e9737efda16535e5b54bd627ef4881d11d31f

Status affected

Version < 21a39b958b4bcf44f7674bfbbe1bbb8cad0d842d

Version 7d5e9737efda16535e5b54bd627ef4881d11d31f

Status affected

Version < b6f56a44e4c1014b08859dcf04ed246500e310e5

Version 7d5e9737efda16535e5b54bd627ef4881d11d31f

Status affected

HerstellerLinux

≫

Produkt Linux

Default Statusaffected

Version 4.6

Status affected

Version < 4.6

Version 0

Status unaffected

Version <= 5.4.*

Version 5.4.300

Status unaffected

Version <= 5.10.*

Version 5.10.245

Status unaffected

Version <= 5.15.*

Version 5.15.194

Status unaffected

Version <= 6.1.*

Version 6.1.154

Status unaffected

Version <= 6.6.*

Version 6.6.108

Status unaffected

Version <= 6.12.*

Version 6.12.49

Status unaffected

Version <= 6.16.*

Version 6.16.9

Status unaffected

Version <= *

Version 6.17

Status unaffected

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.02%	0.053

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String

https://git.kernel.org/stable/c/184f608a68f96794e8fe58cd5535014d53622cde

https://git.kernel.org/stable/c/8793e7a8e1b60131a825457174ed6398111daeb7

https://git.kernel.org/stable/c/ada2282259243387e6b6e89239aeb4897e62f051

https://git.kernel.org/stable/c/47ade5f9d70b23a119ec20b1c6504864b2543a79

https://git.kernel.org/stable/c/689aee35ce671aab752f159e5c8e66d7685e6887

https://git.kernel.org/stable/c/21ba85d9d508422ca9e6698463ff9357c928c22d

https://git.kernel.org/stable/c/21a39b958b4bcf44f7674bfbbe1bbb8cad0d842d

https://git.kernel.org/stable/c/b6f56a44e4c1014b08859dcf04ed246500e310e5

https://nvd.nist.gov/vuln/detail/CVE-2025-39937

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2025-39937

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2025-39937

EUVD