CVE-2025-39937

Source
https://cve.org/CVERecord?id=CVE-2025-39937
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-39937.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2025-39937
Published
2025-10-04T07:31:00.879Z
Modified
2026-03-23T05:03:31.194909854Z
Summary
net: rfkill: gpio: Fix crash due to dereferencering uninitialized pointer
Details

In the Linux kernel, the following vulnerability has been resolved:

net: rfkill: gpio: Fix crash due to dereferencering uninitialized pointer

Since commit 7d5e9737efda ("net: rfkill: gpio: get the name and type from device property") rfkill_find_type() gets called with the possibly uninitialized "const char *type_name;" local variable.

On x86 systems when rfkill-gpio binds to a "BCM4752" or "LNV4752" acpi_device, the rfkill->type is set based on the ACPI acpi_device_id:

    rfkill->type = (unsigned)id->driver_data;

and there is no "type" property so device_property_read_string() will fail and leave type_name uninitialized, leading to a potential crash.

rfkill_find_type() does accept a NULL pointer, fix the potential crash by initializing type_name to NULL.

Note likely so far this has not been caught because:

  1. Not many x86 machines actually have a "BCM4752"/"LNV4752" acpi_device
  2. The stack happened to contain NULL where type_name is stored
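
The failure mode described above, modelled in user-space C as an added example (not kernel code and not part of the original record). All `model_*` names are hypothetical stand-ins, and the `stale` parameter stands for whatever the stack slot held, so the sketch stays well-defined instead of actually reading an uninitialized variable.

```c
#include <errno.h>
#include <stddef.h>
#include <string.h>

enum { MODEL_TYPE_ALL = 0, MODEL_TYPE_GPS = 1 };  /* simplified, constructed */

/* Constructed marker for "leftover stack bytes" in the local's slot. */
static const char MODEL_STALE[] = "<stale stack bytes>";

/* Stand-in for device_property_read_string(): when the property is absent
 * it returns an error and leaves *val untouched, as the record describes. */
static int model_read_string(const char *prop, const char **val)
{
    if (prop == NULL)
        return -EINVAL;
    *val = prop;
    return 0;
}

/* Stand-in for rfkill_find_type(): a NULL name is accepted. */
static int model_find_type(const char *name)
{
    if (name == NULL)
        return MODEL_TYPE_ALL;
    return strcmp(name, "gps") == 0 ? MODEL_TYPE_GPS : MODEL_TYPE_ALL;
}

/* Returns the pointer that ends up being handed to the type lookup.
 * `stale` models the previous contents of the local's stack slot;
 * `fixed` selects the patched behaviour (type_name initialized to NULL). */
static const char *model_lookup_arg(const char *type_prop, const char *stale,
                                    int fixed)
{
    const char *type_name = fixed ? NULL : stale;

    (void)model_read_string(type_prop, &type_name); /* failure leaves it as is */
    return type_name;
}

/* Patched path: safe whether or not the "type" property exists. */
static int model_probe_fixed(const char *type_prop)
{
    return model_find_type(model_lookup_arg(type_prop, MODEL_STALE, 1));
}

int main(void)
{
    /* ACPI-style case from the record: no "type" property present. */
    return model_probe_fixed(NULL) == MODEL_TYPE_ALL ? 0 : 1;
}
```

With `fixed` set to 0 and no property, the lookup receives whatever `stale` was; when that happens to be NULL the path works by accident, which matches the second reason the record gives for the bug going unnoticed.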
Database specific
{
    "cna_assigner": "Linux",
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/39xxx/CVE-2025-39937.json"
}

Affected packages

Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

Affected ranges

Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
7d5e9737efda16535e5b54bd627ef4881d11d31f
Fixed
184f608a68f96794e8fe58cd5535014d53622cde
Fixed
8793e7a8e1b60131a825457174ed6398111daeb7
Fixed
ada2282259243387e6b6e89239aeb4897e62f051
Fixed
47ade5f9d70b23a119ec20b1c6504864b2543a79
Fixed
689aee35ce671aab752f159e5c8e66d7685e6887
Fixed
21ba85d9d508422ca9e6698463ff9357c928c22d
Fixed
21a39b958b4bcf44f7674bfbbe1bbb8cad0d842d
Fixed
b6f56a44e4c1014b08859dcf04ed246500e310e5

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-39937.json"