CVE-2025-39937
- Source
- https://cve.org/CVERecord?id=CVE-2025-39937
- Import Source
- https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-39937.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/CVE-2025-39937
- Downstream
- Related
- Published
- 2025-10-04T07:31:00.879Z
- Modified
- 2026-05-18T05:56:19.956670524Z
- Summary
- net: rfkill: gpio: Fix crash due to dereferencering uninitialized pointer
- Details
-
In the Linux kernel, the following vulnerability has been resolved:
net: rfkill: gpio: Fix crash due to dereferencering uninitialized pointer
Since commit 7d5e9737efda ("net: rfkill: gpio: get the name and type from device property") rfkillfindtype() gets called with the possibly uninitialized "const char *type_name;" local variable.
On x86 systems when rfkill-gpio binds to a "BCM4752" or "LNV4752" acpidevice, the rfkill->type is set based on the ACPI acpidevice_id:
rfkill->type = (unsigned)id->driver_data;and there is no "type" property so devicepropertyreadstring() will fail and leave typename uninitialized, leading to a potential crash.
rfkillfindtype() does accept a NULL pointer, fix the potential crash by initializing type_name to NULL.
Note likely sofar this has not been caught because:
- Not many x86 machines actually have a "BCM4752"/"LNV4752" acpi_device
- The stack happened to contain NULL where type_name is stored
- Database specific
{ "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/39xxx/CVE-2025-39937.json", "cna_assigner": "Linux" }- References
-
- https://git.kernel.org/stable/c/184f608a68f96794e8fe58cd5535014d53622cde
- https://git.kernel.org/stable/c/21a39b958b4bcf44f7674bfbbe1bbb8cad0d842d
- https://git.kernel.org/stable/c/21ba85d9d508422ca9e6698463ff9357c928c22d
- https://git.kernel.org/stable/c/47ade5f9d70b23a119ec20b1c6504864b2543a79
- https://git.kernel.org/stable/c/689aee35ce671aab752f159e5c8e66d7685e6887
- https://git.kernel.org/stable/c/8793e7a8e1b60131a825457174ed6398111daeb7
- https://git.kernel.org/stable/c/ada2282259243387e6b6e89239aeb4897e62f051
- https://git.kernel.org/stable/c/b6f56a44e4c1014b08859dcf04ed246500e310e5
- https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/39xxx/CVE-2025-39937.json
- https://nvd.nist.gov/vuln/detail/CVE-2025-39937
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Affected packages
Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Affected ranges
- Type
- GIT
- Repo
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- Events
-
Introduced7d5e9737efda16535e5b54bd627ef4881d11d31fFixed184f608a68f96794e8fe58cd5535014d53622cdeFixed8793e7a8e1b60131a825457174ed6398111daeb7Fixedada2282259243387e6b6e89239aeb4897e62f051Fixed47ade5f9d70b23a119ec20b1c6504864b2543a79Fixed689aee35ce671aab752f159e5c8e66d7685e6887Fixed21ba85d9d508422ca9e6698463ff9357c928c22dFixed21a39b958b4bcf44f7674bfbbe1bbb8cad0d842dFixedb6f56a44e4c1014b08859dcf04ed246500e310e5
Linux / Kernel
Package
- Name
- Kernel
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced4.6.0Fixed5.4.300
- Type
- ECOSYSTEM
- Events
-
Introduced5.5.0Fixed5.10.245
- Type
- ECOSYSTEM
- Events
-
Introduced5.11.0Fixed5.15.194
- Type
- ECOSYSTEM
- Events
-
Introduced5.16.0Fixed6.1.154
- Type
- ECOSYSTEM
- Events
-
Introduced6.2.0Fixed6.6.108
- Type
- ECOSYSTEM
- Events
-
Introduced6.7.0Fixed6.12.49
- Type
- ECOSYSTEM
- Events
-
Introduced6.13.0Fixed6.16.9