Vulnerability in Linux kernel affects firmware update processes
CVE-2025-39701

Currently unrated

Key Information:

Vendor: Linux
Status: Linux
Vendor: CVE Published:; 5 September 2025

What is CVE-2025-39701?

A vulnerability in the Linux kernel's ACPI component has been identified, which affects the driver update version check mechanism. When a firmware update is executed, the current implementation relies on runtime version checks, which can lead to update failures if the update binary has a lower runtime version number. This misalignment poses risks in ensuring firmware integrity and operational consistency, potentially exposing systems to further vulnerabilities.

Affected Version(s)

Linux 0db89fa243e5edc5de38c88b369e4c3755c5fb74 < 79300ff532bccbbf654992c7c0863b49a6c3973c

Linux 0db89fa243e5edc5de38c88b369e4c3755c5fb74

References

https://git.kernel.org/stable/c/79300ff532bccbbf654992c7c...

https://git.kernel.org/stable/c/cf0a88124e357bffda487cbf3...

https://git.kernel.org/stable/c/b00219888c11519ef75d988fa...

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Sep 5, 2025
Vulnerability Reserved
Apr 16, 2025