Linux Kernel Vulnerability in RFKill due to Uninitialized Pointer Dereference
CVE-2025-39937

Currently unrated

Key Information:

Vendor: Linux

CVE Published: 4 October 2025

What is CVE-2025-39937?

A vulnerability in the Linux kernel's RFKill functionality is triggered by an uninitialized pointer dereference during operations involving specific ACPI devices such as 'BCM4752' or 'LNV4752'. When the rfkill-gpio module binds to one of these devices and fails to read the required 'type' property, the kernel attempts to dereference a NULL pointer. The issue has gone largely unnoticed because affected hardware configurations are rare, but it can crash the system, so affected devices need prompt attention.
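To see whether a host has the hardware and driver combination described above, the following added example (not part of the advisory or of the kernel project) reads sysfs only. It assumes the standard sysfs layout and that the driver registers under the name `rfkill_gpio`; the function names are hypothetical, and the result says nothing about whether the running kernel already carries the fix.

```shell
#!/bin/sh
# Added example: report whether this host exposes the ACPI devices named in
# the advisory and whether the rfkill-gpio driver is registered. Read-only.

# ACPI hardware IDs taken from the advisory text.
RFKILL_ACPI_IDS="BCM4752 LNV4752"

# list_affected_acpi_devices [SYSFS_ROOT]
# Prints one line per matching ACPI device instance, e.g. "BCM4752:00".
list_affected_acpi_devices() {
    root=${1:-/sys}
    for id in $RFKILL_ACPI_IDS; do
        for dev in "$root"/bus/acpi/devices/"$id":*; do
            # An unmatched glob stays literal, so test that the entry exists.
            [ -e "$dev" ] && basename "$dev"
        done
    done
    return 0
}

# rfkill_gpio_registered [SYSFS_ROOT]
# True if the driver is registered (built in or loaded as a module).
# Assumption: the platform driver name is "rfkill_gpio".
rfkill_gpio_registered() {
    root=${1:-/sys}
    [ -d "$root/bus/platform/drivers/rfkill_gpio" ] ||
        [ -d "$root/module/rfkill_gpio" ]
}

# rfkill_exposure [SYSFS_ROOT]
# Prints one of: not-present, present-driver-absent, present-driver-registered
rfkill_exposure() {
    root=${1:-/sys}
    devs=$(list_affected_acpi_devices "$root")
    if [ -z "$devs" ]; then
        echo "not-present"
    elif rfkill_gpio_registered "$root"; then
        echo "present-driver-registered"
    else
        echo "present-driver-absent"
    fi
}

# Stand-alone use: pass an alternate sysfs root as the first argument.
rfkill_exposure "${1:-/sys}"
```

A result of `present-driver-registered` means the probe path in question can run on this machine, so the kernel build should be checked against the fix commits listed under Affected Version(s).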

Affected Version(s)

Linux 7d5e9737efda16535e5b54bd627ef4881d11d31f < 184f608a68f96794e8fe58cd5535014d53622cde

Linux 7d5e9737efda16535e5b54bd627ef4881d11d31f < 8793e7a8e1b60131a825457174ed6398111daeb7

Linux 7d5e9737efda16535e5b54bd627ef4881d11d31f
