CVE-2025-39937

In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> net: rfkill: gpio: Fix crash due to dereferencering uninitialized pointer<br /> <br /> Since commit 7d5e9737efda ("net: rfkill: gpio: get the name and type from<br /> device property") rfkill_find_type() gets called with the possibly<br /> uninitialized "const char *type_name;" local variable.<br /> <br /> On x86 systems when rfkill-gpio binds to a "BCM4752" or "LNV4752"<br /> acpi_device, the rfkill-&gt;type is set based on the ACPI acpi_device_id:<br /> <br /> rfkill-&gt;type = (unsigned)id-&gt;driver_data;<br /> <br /> and there is no "type" property so device_property_read_string() will fail<br /> and leave type_name uninitialized, leading to a potential crash.<br /> <br /> rfkill_find_type() does accept a NULL pointer, fix the potential crash<br /> by initializing type_name to NULL.<br /> <br /> Note likely sofar this has not been caught because:<br /> <br /> 1. Not many x86 machines actually have a "BCM4752"/"LNV4752" acpi_device<br /> 2. The stack happened to contain NULL where type_name is stored