CVE-2025-39960
Linux Debian vulnerability analysis and mitigation

Overview

CVE-2025-39960 is a vulnerability in the Linux kernel's GPIO ACPI interface discovered and disclosed on October 9, 2025. The issue affects the gpiolib ACPI subsystem, where uninitialized acpi_gpio_info structures are passed to the __acpi_find_gpio() function, impacting the i2c_hid_acpi driver functionality (NVD, RedHat).

Technical details

The vulnerability stems from commit 7c010d463372 ("gpiolib: acpi: Make sure we fill struct acpi_gpio_info"), after which uninitialized acpi_gpio_info structures are passed to __acpi_find_gpio(). Later in the call stack, info->quirks is used in acpi_populate_gpio_lookup() without proper initialization. This results in the i2c_hid_acpi driver failing with error -22 when HID over i2c is not provided with an Int IRQ (NVD).

Impact

The vulnerability causes operational failures in the i2c_hid_acpi driver, preventing proper initialization of HID devices over i2c interfaces. This is evidenced by the error message "HID over i2c has not been provided an Int IRQ" and subsequent driver probe failure (RedHat).

Mitigation and workarounds

The issue has been resolved by implementing proper initialization of the acpi_gpio_info structure before passing it to __acpi_find_gpio(). The fix ensures that all required fields, including quirks, are properly initialized before use (NVD).
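A user-space model of this bug class, added here as an illustration and not taken from the kernel source or the fix commit: a callee reads a quirks field the caller never set, and the lookup fails with -22 until the caller initializes the struct. The struct, flag and function names, the rule that the flag skips the interrupt lookup, and zero-initialization as the form of the fix are all assumptions.

```c
/* Added illustration: user-space model, not kernel code. All names are hypothetical. */
#include <errno.h>
#include <stdio.h>
#include <string.h>

#define QUIRK_ONLY_IO 0x1u   /* assumed quirk bit: skip interrupt resources */

struct gpio_info {
    unsigned int quirks;     /* read by the callee, never written by it */
    int irq;                 /* filled in by the callee on success */
};

/* Callee: trusts info->quirks to have been set by the caller. */
static int find_irq(struct gpio_info *info)
{
    if (info->quirks & QUIRK_ONLY_IO)
        return -EINVAL;      /* interrupt resource skipped, lookup fails */
    info->irq = 42;          /* constructed sample IRQ number */
    return 0;
}

/* Stand-in for leftover stack contents. Reading a truly uninitialized
 * local is undefined behaviour, so the garbage is written explicitly. */
static void poison(struct gpio_info *info)
{
    memset(info, 0xA5, sizeof(*info));
}

/* Before: the caller hands over whatever the memory happened to hold. */
int probe_before_fix(void)
{
    struct gpio_info info;
    poison(&info);
    return find_irq(&info);
}

/* After: the caller initializes the struct before the call. */
int probe_after_fix(void)
{
    struct gpio_info info;
    poison(&info);                   /* same starting memory as above */
    memset(&info, 0, sizeof(info));  /* the fix: every field has a known value */
    return find_irq(&info);
}

int main(void)
{
    printf("before: %d, after: %d\n", probe_before_fix(), probe_after_fix());
    return 0;
}
```

In real code the failure is intermittent, because it depends on what the stack held before the call; the fixed 0xA5 pattern only makes the model deterministic.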

This report was generated using AI.
