CVE-2025-38235
BaseFortify
Publication date: 2025-07-06
Last updated on: 2025-11-18
Assigner: kernel.org
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| linux | linux_kernel | 6.16 |
| linux | linux_kernel | From 5.15.160 (inc) to 5.16 (inc) |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-NVD-CWE-Other | |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is a reference leak in the Linux kernel's appletb-kbd driver. During the probe process, the driver obtains a backlight device by name, which increases the device's reference count. However, this reference count is never decreased, causing a reference leak. The issue is fixed by properly decrementing the reference count when the device is removed or when the probe fails.
How can this vulnerability impact me?
The reference leak caused by this vulnerability can lead to resource exhaustion in the kernel, potentially causing system instability or degraded performance over time as the leaked references accumulate.
What immediate steps should I take to mitigate this vulnerability?
To mitigate this vulnerability, update the Linux kernel to a version where the appletb-kbd backlight device reference counting issue has been fixed. This involves applying the patch that decrements the backlight device reference count on removal and on probe failure, preventing the reference leak.
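The leak and the fix described in the answers above, as a userspace model added here for illustration; it is not the kernel driver's code, and every name in it (`model_dev`, `model_get_by_name`, `model_put`, `probe_leaky`, `probe_fixed`) is hypothetical. It counts how many references stay held after repeated bind/unbind cycles in which some probes fail.

```c
#include <stdbool.h>
#include <stdio.h>

/* Userspace model only: all names are hypothetical stand-ins. */
struct model_dev { int refcount; };
struct model_kbd { struct model_dev *bl; };

static struct model_dev backlight = { .refcount = 1 }; /* owner's own ref */

/* Lookup by name hands back the device with one extra reference held. */
static struct model_dev *model_get_by_name(void) { backlight.refcount++; return &backlight; }
static void model_put(struct model_dev *d) { d->refcount--; }

/* Unpatched behaviour: neither the failure path nor remove drops the ref. */
static int probe_leaky(struct model_kbd *k, bool later_step_fails)
{
    k->bl = model_get_by_name();
    return later_step_fails ? -1 : 0;   /* reference leaked on failure */
}
static void remove_leaky(struct model_kbd *k) { (void)k; /* no put */ }

/* Patched behaviour: put on probe failure and on remove. */
static int probe_fixed(struct model_kbd *k, bool later_step_fails)
{
    k->bl = model_get_by_name();
    if (later_step_fails) {
        model_put(k->bl);
        k->bl = NULL;
        return -1;
    }
    return 0;
}
static void remove_fixed(struct model_kbd *k)
{
    if (k->bl) { model_put(k->bl); k->bl = NULL; }
}

/* Run n bind/unbind cycles (every third probe fails); return leaked refs. */
static int leaked_after(int n, bool fixed)
{
    int start = backlight.refcount;
    for (int i = 0; i < n; i++) {
        struct model_kbd k = { 0 };
        bool fail = (i % 3 == 2);
        int rc = fixed ? probe_fixed(&k, fail) : probe_leaky(&k, fail);
        if (rc == 0) { if (fixed) remove_fixed(&k); else remove_leaky(&k); }
    }
    return backlight.refcount - start;
}

int main(void)
{
    printf("unpatched: %d leaked\n", leaked_after(6, false));
    printf("patched:   %d leaked\n", leaked_after(6, true));
    return 0;
}
```

A count that never returns to its starting value means the referenced device can never be released, which is why the leak grows with each bind/unbind cycle.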