CVE-2025-39701

Sažetak

In the Linux kernel, the following vulnerability has been resolved: ACPI: pfr_update: Fix the driver update version check The security-version-number check should be used rather than the runtime version check for driver updates. Otherwise, the firmware update would fail when the update binary had a lower runtime version number than the current one. [ rjw: Changelog edits ]

Reference

https://git.kernel.org/stable/c/79300ff532bccbbf654992c7c0863b49a6c3973c
https://git.kernel.org/stable/c/8151320c747efb22d30b035af989fed0d502176e
https://git.kernel.org/stable/c/908094681f645d3a78e18ef90561a97029e2df7b
https://git.kernel.org/stable/c/b00219888c11519ef75d988fa8a780da68ff568e
https://git.kernel.org/stable/c/cf0a88124e357bffda487cbf3cb612bb97eb97e4
https://lists.debian.org/debian-lts-announce/2025/10/msg00008.html

CVSS

Base:	7.8
Impact:	5.9
Exploitability:	1.8

Pristup

Vektor	Složenost	Autentikacija
LOCAL	LOW	LOW

Impact

Povjerljivost	Cjelovitost	Dostupnost
HIGH	HIGH	HIGH

CVSS vektor

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Zadnje važnije ažuriranje

08-01-2026 - 16:04

Objavljeno

05-09-2025 - 18:15