Acknowledged
Created: Oct 10, 2025
Updated: Oct 17, 2025
Found In Version: 10.22.33.1
Severity: Standard
Applicable for: Wind River Linux LTS 22
Component/s: Kernel
In the Linux kernel, the following vulnerability has been resolved:

net: rfkill: gpio: Fix crash due to dereferencering uninitialized pointer

Since commit 7d5e9737efda ("net: rfkill: gpio: get the name and type from
device property") rfkill_find_type() gets called with the possibly
uninitialized "const char *type_name;" local variable.

On x86 systems when rfkill-gpio binds to a "BCM4752" or "LNV4752"
acpi_device, the rfkill->type is set based on the ACPI acpi_device_id:

 rfkill->type = (unsigned)id->driver_data;

and there is no "type" property so device_property_read_string() will fail
and leave type_name uninitialized, leading to a potential crash.

rfkill_find_type() does accept a NULL pointer, fix the potential crash
by initializing type_name to NULL.

Note likely so far this has not been caught because:

1. Not many x86 machines actually have a "BCM4752"/"LNV4752" acpi_device
2. The stack happened to contain NULL where type_name is stored
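
The pattern described in the commit message, as an added userspace example (not the kernel's code and not part of the original record): a property read that leaves its output untouched on failure, a lookup that accepts NULL, and a caller made safe by the NULL initializer. All model_* names, the type table and the sample devices are constructed stand-ins.

```c
/* Added example: simplified userspace model, not kernel code.
 * Every model_* identifier and the type table are constructed. */
#include <stddef.h>
#include <string.h>

enum model_type { MODEL_TYPE_ALL = 0, MODEL_TYPE_WLAN, MODEL_TYPE_GPS, MODEL_NUM_TYPES };
static const char *const model_type_names[MODEL_NUM_TYPES] = { NULL, "wlan", "gps" };

/* Constructed stand-in for a device; NULL means no "type" property exists. */
struct model_dev { const char *type_prop; };

/* Mirrors the behaviour the commit message relies on: on failure the
 * function returns an error and does NOT write *out. */
static int model_read_string(const struct model_dev *dev, const char **out)
{
    if (!dev->type_prop)
        return -1;
    *out = dev->type_prop;
    return 0;
}

/* Mirrors the stated contract of the lookup: a NULL name is accepted. */
static enum model_type model_find_type(const char *name)
{
    if (!name)
        return MODEL_TYPE_ALL;
    for (int i = 1; i < MODEL_NUM_TYPES; i++)
        if (strcmp(name, model_type_names[i]) == 0)
            return (enum model_type)i;
    return MODEL_TYPE_ALL;
}

/* Fixed caller: type_name has a defined value on every path, so a failed
 * read hands NULL to the lookup instead of whatever was on the stack. */
static enum model_type model_probe_fixed(const struct model_dev *dev)
{
    const char *type_name = NULL;          /* the one-line fix */
    (void)model_read_string(dev, &type_name);
    return model_find_type(type_name);
}

int main(void)
{
    struct model_dev acpi_only = { NULL };  /* constructed: no "type" property */
    struct model_dev with_prop = { "gps" }; /* constructed: "type" = "gps" */
    return !(model_probe_fixed(&acpi_only) == MODEL_TYPE_ALL &&
             model_probe_fixed(&with_prop) == MODEL_TYPE_GPS);
}
```

Without the initializer, the first call would pass an indeterminate pointer to strcmp(), which is the crash the fix removes; compilers report that form with -Wuninitialized or -Wmaybe-uninitialized only when they can see that the callee may skip the write.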