CVE-2025-39960
BaseFortify
Publication date: 2025-10-09
Last updated on: 2026-02-26
Assigner: kernel.org
Description
CVSS Scores
EPSS Scores
| EPSS | Value |
|---|---|
| Probability | |
| Percentile | |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| linux | linux_kernel | 6.17 |
| linux | linux_kernel | From 5.15.160 (inc) to 5.16 (inc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-UNKNOWN | |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability involves the Linux kernel's gpiolib ACPI component, where an uninitialized acpi_gpio_info structure is passed to __acpi_find_gpio(). Because the structure is not properly initialized, the i2c_hid_acpi driver fails to operate correctly: the HID over i2c device is not provided an interrupt request (IRQ) and the driver probe fails with error -22. The issue was fixed by initializing the acpi_gpio_info structure before it is used.
How can this vulnerability impact me?
This vulnerability can cause the i2c_hid_acpi driver to fail to initialize properly, leading to malfunction or failure of HID devices that rely on the i2c interface with ACPI GPIO. This may result in input devices such as touchpads or keyboards not working correctly on affected Linux systems.
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by checking system logs for specific error messages related to the i2c_hid_acpi driver failure. Look for kernel log entries similar to: '[ 58.122916] i2c_hid_acpi i2c-UNIW0001:00: HID over i2c has not been provided an Int IRQ' and '[ 58.123097] i2c_hid_acpi i2c-UNIW0001:00: probe with driver i2c_hid_acpi failed with error -22'. You can use the command 'dmesg | grep i2c_hid_acpi' or 'journalctl -k | grep i2c_hid_acpi' to find these messages.
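As an added example (not part of this CVE record and not the kernel's own tooling), the following POSIX shell function turns the dmesg/journalctl check above into a reusable test: it scans log text for both signature messages and reports whether the probe-failure pattern is present. The sample log lines are constructed here from the messages quoted in the answer; the healthy-boot line is a made-up placeholder, not real kernel output.

```shell
#!/bin/sh
# Added detection helper: returns 0 when both i2c_hid_acpi failure messages
# quoted on this page appear in the log text read from stdin, 1 otherwise.
# Usage on a live system:  dmesg | i2c_hid_acpi_probe_failed
#                     or:  journalctl -k | i2c_hid_acpi_probe_failed
i2c_hid_acpi_probe_failed() {
    log="$(cat)"
    # grep -c prints the count even when it is 0 but then exits non-zero,
    # so "|| true" keeps the assignment safe under "set -e".
    irq_missing=$(printf '%s\n' "$log" \
        | grep -c 'i2c_hid_acpi .*has not been provided an Int IRQ' || true)
    probe_failed=$(printf '%s\n' "$log" \
        | grep -c 'probe with driver i2c_hid_acpi failed with error -22' || true)
    if [ "$irq_missing" -gt 0 ] && [ "$probe_failed" -gt 0 ]; then
        return 0
    fi
    return 1
}

# Constructed sample: an affected boot, built from the two messages quoted above.
SAMPLE_AFFECTED='[   58.122916] i2c_hid_acpi i2c-UNIW0001:00: HID over i2c has not been provided an Int IRQ
[   58.123097] i2c_hid_acpi i2c-UNIW0001:00: probe with driver i2c_hid_acpi failed with error -22'

# Constructed sample: a placeholder line standing in for a healthy boot
# (no IRQ complaint, no probe failure).
SAMPLE_HEALTHY='[   12.004512] i2c_hid_acpi i2c-UNIW0001:00: probe ok (constructed placeholder)'

# Stand-alone run against the constructed affected sample.
if printf '%s\n' "$SAMPLE_AFFECTED" | i2c_hid_acpi_probe_failed; then
    echo "i2c_hid_acpi probe failed (no IRQ provided): update to a kernel that initializes acpi_gpio_info"
else
    echo "no i2c_hid_acpi probe-failure signature found"
fi
```

The function requires both messages because the IRQ complaint on its own can have other causes; the paired "failed with error -22" line is what ties the log to the probe failure this record describes.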
What immediate steps should I take to mitigate this vulnerability?
The immediate step to mitigate this vulnerability is to update the Linux kernel to a version that includes the fix for initializing the acpi_gpio_info struct, which prevents the i2c_hid_acpi driver failure. Applying the kernel patch that ensures acpi_gpio_info is properly initialized before being passed to __acpi_find_gpio() will resolve the issue.