CVE-2025-39937
Published: Oct 4, 2025
Modified: May 11, 2026
Description
In the Linux kernel, the following vulnerability has been resolved: net: rfkill: gpio: Fix crash due to dereferencering uninitialized pointer Since commit 7d5e9737efda ("net: rfkill: gpio: get the name and type from device property") rfkill_find_type() gets called with the possibly uninitialized "const char *type_name;" local variable. On x86 systems when rfkill-gpio binds to a "BCM4752" or "LNV4752" acpi_device, the rfkill->type is set based on the ACPI acpi_device_id: rfkill->type = (unsigned)id->driver_data; and there is no "type" property so device_property_read_string() will fail and leave type_name uninitialized, leading to a potential crash. rfkill_find_type() does accept a NULL pointer, fix the potential crash by initializing type_name to NULL. Note likely sofar this has not been caught because: 1. Not many x86 machines actually have a "BCM4752"/"LNV4752" acpi_device 2. The stack happened to contain NULL where type_name is stored
| Vendor | Product | Versions |
|---|---|---|
Linux | Linux | affected 7d5e9737efda16535e5b54bd627ef4881d11d31f - < 184f608a68f96794e8fe58cd5535014d53622cdeaffected 7d5e9737efda16535e5b54bd627ef4881d11d31f - < 8793e7a8e1b60131a825457174ed6398111daeb7affected 7d5e9737efda16535e5b54bd627ef4881d11d31f - < ada2282259243387e6b6e89239aeb4897e62f051affected 7d5e9737efda16535e5b54bd627ef4881d11d31f - < 47ade5f9d70b23a119ec20b1c6504864b2543a79affected 7d5e9737efda16535e5b54bd627ef4881d11d31f - < 689aee35ce671aab752f159e5c8e66d7685e6887+3 more versions |
Linux | Linux | affected 4.6unaffected 0 - < 4.6unaffected 5.4.300 - <= 5.4.*unaffected 5.10.245 - <= 5.10.*unaffected 5.15.194 - <= 5.15.*+5 more versions |
References
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now