AZL-68150

See a problem?

Import Source

https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-68150.json

JSON Data

https://api.test.osv.dev/v1/vulns/AZL-68150

Upstream

CVE-2025-39937

Published

2025-10-04T08:15:46Z

Modified

2026-04-01T05:21:20.980688Z

Summary

CVE-2025-39937 affecting package kernel for versions less than 6.6.112.1-1

Details

In the Linux kernel, the following vulnerability has been resolved:

net: rfkill: gpio: Fix crash due to dereferencering uninitialized pointer

Since commit 7d5e9737efda ("net: rfkill: gpio: get the name and type from device property") rfkillfindtype() gets called with the possibly uninitialized "const char *type_name;" local variable.

On x86 systems when rfkill-gpio binds to a "BCM4752" or "LNV4752" acpidevice, the rfkill->type is set based on the ACPI acpidevice_id:

    rfkill->type = (unsigned)id->driver_data;

and there is no "type" property so devicepropertyreadstring() will fail and leave typename uninitialized, leading to a potential crash.

rfkillfindtype() does accept a NULL pointer, fix the potential crash by initializing type_name to NULL.

Note likely sofar this has not been caught because:

Not many x86 machines actually have a "BCM4752"/"LNV4752" acpi_device
The stack happened to contain NULL where type_name is stored

References

https://nvd.nist.gov/vuln/detail/CVE-2025-39937

Affected packages

Azure Linux:3 / kernel

Package

Name: kernel
Purl: pkg:rpm/azure-linux/kernel

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

6.6.112.1-1

Database specific

source

"https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-68150.json"