ACPI GPIO Information Initialization Flaw in Linux Kernel Affects Driver Functionality
CVE-2025-39960

Currently unrated

Key Information:

Vendor: Linux
Status: Linux
Vendor: CVE Published:; 9 October 2025

What is CVE-2025-39960?

A vulnerability has been identified within the Linux Kernel where the uninitialized 'acpi_gpio_info' structure is passed to the '__acpi_find_gpio()' function. This misconfiguration can lead to failures in driver initialization for I2C HID devices, directly impacting their operation and functionality. The issue predominantly arises due to the absence of proper initialization before accessing 'info->quirks' within the 'acpi_populate_gpio_lookup()' method, resulting in instability and errors during device probing.

Affected Version(s)

Linux 7c010d463372140006bf96985a306d6cbfc6e118 < 27d94a2a52cbb54927c0140bd5b978c56e9a283a

Linux 7c010d463372140006bf96985a306d6cbfc6e118 < 19c839a98c731169f06d32e7c9e00c78a0086ebe

Linux 6.16

References

https://git.kernel.org/stable/c/27d94a2a52cbb54927c0140bd...

https://git.kernel.org/stable/c/19c839a98c731169f06d32e7c...

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Oct 9, 2025
Vulnerability Reserved
Apr 16, 2025

JSON