VDB

CVE-2025-39960

CVE-2025-39960 PUBLISHED

In the Linux kernel, the following vulnerability has been resolved: gpiolib: acpi: initialize acpi_gpio_info struct Since commit 7c010d463372 ("gpiolib: acpi: Make sure we fill struct acpi_gpio_info"), uninitialized acpi_gpio_info struct are passed to __acpi_find_gpio() and later in the call stack info->quirks is used in acpi_populate_gpio_lookup. This breaks the i2c_hid_cpi driver: [ 58.122916] i2c_hid_acpi i2c-UNIW0001:00: HID over i2c has not been provided an Int IRQ [ 58.123097] i2c_hid_acpi i2c-UNIW0001:00: probe with driver i2c_hid_acpi failed with error -22 Fix this by initializing the acpi_gpio_info pass to __acpi_find_gpio()

EPSS 0.02% · 6.0th percentile

Risk Scores

EPSS Score
0.02%
6.0th percentile

Affected Products

VendorProductVersions
linuxlinux_kernel6.16, 6.16, 6.16
LinuxLinux7c010d463372140006bf96985a306d6cbfc6e118, 7c010d463372140006bf96985a306d6cbfc6e118, 6.16

Timeline

  • Jan 21, 1970 Security Advisory
  • Oct 9, 2025 Coalition ESS Score
  • Oct 9, 2025 CVE Published
  • Oct 10, 2025 EPSS Score
  • Oct 16, 2025 EPSS Score
  • Oct 19, 2025 Coalition ESS Score
  • Oct 23, 2025 EPSS Score
  • Oct 29, 2025 EPSS Score
  • Nov 4, 2025 EPSS Score
  • Nov 10, 2025 EPSS Score
  • Nov 11, 2025 Coalition ESS Score
  • Nov 17, 2025 EPSS Score
Open in Interactive Console →
$ Console Community · 100/wk Open console ›