CVE-2025-39960 – gpiolib: acpi: initialize acpi_gpio_info struct

CVE ID : CVE-2025-39960

Published : Oct. 9, 2025, 12:13 p.m. | 24 minutes ago

Description : In the Linux kernel, the following vulnerability has been resolved:

gpiolib: acpi: initialize acpi_gpio_info struct

Since commit 7c010d463372 (“gpiolib: acpi: Make sure we fill struct
acpi_gpio_info”), uninitialized acpi_gpio_info struct are passed to
__acpi_find_gpio() and later in the call stack info->quirks is used in
acpi_populate_gpio_lookup. This breaks the i2c_hid_cpi driver:

[ 58.122916] i2c_hid_acpi i2c-UNIW0001:00: HID over i2c has not been provided an Int IRQ
[ 58.123097] i2c_hid_acpi i2c-UNIW0001:00: probe with driver i2c_hid_acpi failed with error -22

Fix this by initializing the acpi_gpio_info pass to __acpi_find_gpio()

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…