CVE-2025-39960 — Vulnetix

Try Vulnetix Request Demo

CVE-2025-39960 PUBLISHED

In the Linux kernel, the following vulnerability has been resolved: gpiolib: acpi: initialize acpi_gpio_info struct Since commit 7c010d463372 ("gpiolib: acpi: Make sure we fill struct acpi_gpio_info"), uninitialized acpi_gpio_info struct are passed to __acpi_find_gpio() and later in the call stack info->quirks is used in acpi_populate_gpio_lookup. This breaks the i2c_hid_cpi driver: [ 58.122916] i2c_hid_acpi i2c-UNIW0001:00: HID over i2c has not been provided an Int IRQ [ 58.123097] i2c_hid_acpi i2c-UNIW0001:00: probe with driver i2c_hid_acpi failed with error -22 Fix this by initializing the acpi_gpio_info pass to __acpi_find_gpio()

EPSS 0.02% · 4.7th percentile

Risk Scores

EPSS Score

0.02%

4.7th percentile

Affected Products

Vendor	Product	Versions
linux	linux_kernel	6.17, 6.16, 6.17
Linux	Linux	7c010d463372140006bf96985a306d6cbfc6e118, 6.16, 0

Timeline

Jan 21, 1970 Security Advisory
Oct 9, 2025 Coalition ESS Score
Oct 9, 2025 CVE Published
Oct 10, 2025 EPSS Score
Oct 16, 2025 EPSS Score
Oct 19, 2025 Coalition ESS Score
Oct 21, 2025 EPSS Score
Oct 27, 2025 EPSS Score
Nov 2, 2025 EPSS Score
Nov 8, 2025 EPSS Score
Nov 11, 2025 Coalition ESS Score
Nov 13, 2025 EPSS Score

References

Open in Interactive Console →