PT-2025-36295 · Linux+6 · Linux Kernel+6

Published

2025-01-01

·

Updated

2026-04-20

·

CVE-2025-39701

CVSS v3.1

7.8

High

VectorAV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)
Description The Linux kernel contained an issue in the ACPI pfr update functionality. The driver update version check used the runtime version number instead of the security-version-number, causing firmware updates to fail when the update binary had a lower runtime version number than the current one.
Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Weakness Enumeration

CWE-1025

Related Identifiers

AZL-66998
BDU:2025-15717
CVE-2025-39701
DLA-4328-1
DSA-6008-1
DSA-6009-1
ECHO-FFEF-36C4-5827
MGASA-2025-0234
MGASA-2025-0235
OESA-2025-2633
OESA-2025-2634
OESA-2025-2635
OPENSUSE-SU-2025:20081-1
SUSE-SU-2025:03600-1
SUSE-SU-2025:03634-1
SUSE-SU-2025:20851-1
SUSE-SU-2025:20861-1
SUSE-SU-2025:20870-1
SUSE-SU-2025:20898-1
SUSE-SU-2025:21074-1
SUSE-SU-2025:21139-1
SUSE-SU-2025:21179-1
SUSE-SU-2025:3751-1
SUSE-SU-2025:4057-1
SUSE-SU-2025:4132-1
SUSE-SU-2025:4141-1
USN-8028-1
USN-8028-2
USN-8028-3
USN-8028-4
USN-8028-5
USN-8028-6
USN-8028-7
USN-8028-8
USN-8031-1
USN-8031-2
USN-8031-3
USN-8052-1
USN-8052-2
USN-8074-1
USN-8074-2
USN-8126-1

Affected Products

Astra Linux
Debian
Linuxmint
Linux Kernel
Red Os
Suse
Ubuntu