Home

Description

In the Linux kernel, the following vulnerability has been resolved: net: rfkill: gpio: Fix crash due to dereferencering uninitialized pointer Since commit 7d5e9737efda ("net: rfkill: gpio: get the name and type from device property") rfkill_find_type() gets called with the possibly uninitialized "const char *type_name;" local variable. On x86 systems when rfkill-gpio binds to a "BCM4752" or "LNV4752" acpi_device, the rfkill->type is set based on the ACPI acpi_device_id: rfkill->type = (unsigned)id->driver_data; and there is no "type" property so device_property_read_string() will fail and leave type_name uninitialized, leading to a potential crash. rfkill_find_type() does accept a NULL pointer, fix the potential crash by initializing type_name to NULL. Note likely sofar this has not been caught because: 1. Not many x86 machines actually have a "BCM4752"/"LNV4752" acpi_device 2. The stack happened to contain NULL where type_name is stored

PUBLISHED Reserved 2025-04-16 | Published 2025-10-04 | Updated 2025-10-04 | Assigner Linux

Product status

Default status
unaffected

7d5e9737efda16535e5b54bd627ef4881d11d31f before 184f608a68f96794e8fe58cd5535014d53622cde
affected

7d5e9737efda16535e5b54bd627ef4881d11d31f before 8793e7a8e1b60131a825457174ed6398111daeb7
affected

7d5e9737efda16535e5b54bd627ef4881d11d31f before ada2282259243387e6b6e89239aeb4897e62f051
affected

7d5e9737efda16535e5b54bd627ef4881d11d31f before 47ade5f9d70b23a119ec20b1c6504864b2543a79
affected

7d5e9737efda16535e5b54bd627ef4881d11d31f before 689aee35ce671aab752f159e5c8e66d7685e6887
affected

7d5e9737efda16535e5b54bd627ef4881d11d31f before 21ba85d9d508422ca9e6698463ff9357c928c22d
affected

7d5e9737efda16535e5b54bd627ef4881d11d31f before 21a39b958b4bcf44f7674bfbbe1bbb8cad0d842d
affected

7d5e9737efda16535e5b54bd627ef4881d11d31f before b6f56a44e4c1014b08859dcf04ed246500e310e5
affected

Default status
affected

4.6
affected

Any version before 4.6
unaffected

5.4.300
unaffected

5.10.245
unaffected

5.15.194
unaffected

6.1.154
unaffected

6.6.108
unaffected

6.12.49
unaffected

6.16.9
unaffected

6.17
unaffected

References

git.kernel.org/...c/184f608a68f96794e8fe58cd5535014d53622cde

git.kernel.org/...c/8793e7a8e1b60131a825457174ed6398111daeb7

git.kernel.org/...c/ada2282259243387e6b6e89239aeb4897e62f051

git.kernel.org/...c/47ade5f9d70b23a119ec20b1c6504864b2543a79

git.kernel.org/...c/689aee35ce671aab752f159e5c8e66d7685e6887

git.kernel.org/...c/21ba85d9d508422ca9e6698463ff9357c928c22d

git.kernel.org/...c/21a39b958b4bcf44f7674bfbbe1bbb8cad0d842d

git.kernel.org/...c/b6f56a44e4c1014b08859dcf04ed246500e310e5

cve.org (CVE-2025-39937)

nvd.nist.gov (CVE-2025-39937)

Download JSON