CVE-2025-39701
ACPI: pfr_update: Fix the driver update version check
Sin señal de explotación. Ningún artefacto público de explotación conocido hasta ahora.
Vexday Risk Score
3Bajo
Decisión SSVC (CISA)
Track
Sin señal de explotación → monitorear
CVSS —EPSS 0.2%KEV nãoPoC —Nuclei —Metasploit —Patch —
Ciclo de vida
05 sep 2025Publicada en NVD
Recomendación: Monitorear — sin señal de explotación por ahora.
In the Linux kernel, the following vulnerability has been resolved:
ACPI: pfr_update: Fix the driver update version check
The security-version-number check should be used rather
than the runtime version check for driver updates.
Otherwise, the firmware update would fail when the update binary had
a lower runtime version number than the current one.
[ rjw: Changelog edits ]
Productos afectados
Linux · LinuxReferencias
https://cert-portal.siemens.com/productcert/html/ssa-032379.htmlhttps://git.kernel.org/stable/c/79300ff532bccbbf654992c7c0863b49a6c3973chttps://git.kernel.org/stable/c/8151320c747efb22d30b035af989fed0d502176ehttps://git.kernel.org/stable/c/908094681f645d3a78e18ef90561a97029e2df7bhttps://git.kernel.org/stable/c/b00219888c11519ef75d988fa8a780da68ff568ehttps://git.kernel.org/stable/c/cf0a88124e357bffda487cbf3cb612bb97eb97e4https://lists.debian.org/debian-lts-announce/2025/10/msg00008.html