CVE-2025-39701
ACPI: pfr_update: Fix the driver update version check
No sign of exploitation. No public exploitation artifact known so far.
Vexday Risk Score
3Low
SSVC decision (CISA)
Track
No exploitation signal → monitor
CVSS —EPSS 0.2%KEV nãoPoC —Nuclei —Metasploit —Patch —
Lifecycle
05 Sep 2025Published on NVD
Recommendation: Monitor — no exploitation signal at the moment.
In the Linux kernel, the following vulnerability has been resolved:
ACPI: pfr_update: Fix the driver update version check
The security-version-number check should be used rather
than the runtime version check for driver updates.
Otherwise, the firmware update would fail when the update binary had
a lower runtime version number than the current one.
[ rjw: Changelog edits ]
Affected products
Linux · LinuxReferences
https://cert-portal.siemens.com/productcert/html/ssa-032379.htmlhttps://git.kernel.org/stable/c/79300ff532bccbbf654992c7c0863b49a6c3973chttps://git.kernel.org/stable/c/8151320c747efb22d30b035af989fed0d502176ehttps://git.kernel.org/stable/c/908094681f645d3a78e18ef90561a97029e2df7bhttps://git.kernel.org/stable/c/b00219888c11519ef75d988fa8a780da68ff568ehttps://git.kernel.org/stable/c/cf0a88124e357bffda487cbf3cb612bb97eb97e4https://lists.debian.org/debian-lts-announce/2025/10/msg00008.html