Linux Kernel Uninitialized Structure Vulnerability in ACPI GPIO Handling

A vulnerability exists in the Linux kernel's handling of ACPI GPIO information, specifically within the gpiolib component. Uninitialized 'acpi_gpio_info' structures are passed to the '__acpi_find_gpio()' function, which can lead to issues when the 'quirks' field is accessed in 'acpi_populate_gpio_lookup'. This flaw disrupts the 'i2c_hid_acpi' driver, causing it to fail during initialization with an error indicating that a required interrupt request was not provided. The problem arises from a previous commit that failed to properly initialize the GPIO information structure before it was used, particularly affecting several versions of the Linux kernel.

Impact

The vulnerability can cause the 'i2c_hid_acpi' driver to fail during initialization, leading to a disruption in the functionality of devices using this driver.

Reproduction

The vulnerability can be reproduced by loading a device that relies on the 'i2c_hid_acpi' driver after the problematic commit has been applied. The driver will fail to initialize properly, returning an error due to the missing interrupt request, which is a direct result of the uninitialized 'acpi_gpio_info' structure being passed to the GPIO handling functions.

Remediation

Users can upgrade to the latest version of the Linux kernel, where this vulnerability has been addressed, to restore proper functionality to the 'i2c_hid_acpi' driver.