CVE-2025-68758
BaseFortify

Publication date: 2026-01-05

Last updated on: 2026-01-19

Assigner: kernel.org

Description
In the Linux kernel, the following vulnerability has been resolved:

backlight: led-bl: Add devlink to supplier LEDs

LED Backlight is a consumer of one or multiple LED class devices, but devlink is currently unable to create correct supplier-producer links when the supplier is a class device. It creates instead a link where the supplier is the parent of the expected device. One consequence is that removal order is not correctly enforced.

Issues happen for example with the following sections in a device tree overlay:

    // An LED driver chip
    pca9632@62 {
        compatible = "nxp,pca9632";
        reg = <0x62>;
        // ...
        addon_led_pwm: led-pwm@3 {
            reg = <3>;
            label = "addon:led:pwm";
        };
    };

    backlight-addon {
        compatible = "led-backlight";
        leds = <&addon_led_pwm>;
        brightness-levels = <255>;
        default-brightness-level = <255>;
    };

In this example, the devlink should be created between the backlight-addon (consumer) and the pca9632@62 (supplier). Instead it is created between the backlight-addon (consumer) and the parent of the pca9632@62, which is typically the I2C bus adapter.

On removal of the above overlay, the LED driver can be removed before the backlight device, resulting in:

    Unable to handle kernel NULL pointer dereference at virtual address 0000000000000010
    ...
    Call trace:
     led_put+0xe0/0x140
     devm_led_release+0x6c/0x98

Another way to reproduce the bug without any device tree overlays is unbinding the LED class device (pca9632@62) before unbinding the consumer (backlight-addon):

    echo 11-0062 >/sys/bus/i2c/drivers/leds-pca963x/unbind
    echo ...backlight-dock >/sys/bus/platform/drivers/led-backlight/unbind

Fix by adding a devlink between the consuming led-backlight device and the supplying LED device, as other drivers and subsystems do as well.
Meta Information
Generated: 2026-05-07
AI Q&A: 2026-01-05
EPSS evaluated: 2026-05-05
Source: NVD
Affected Vendors & Products (1 associated CPE)
Vendor: linux; Product: linux_kernel; Version / Range: *
CWE ID: CWE-UNKNOWN
AI Powered Q&A
Can you explain this vulnerability to me?

This vulnerability in the Linux kernel involves the LED Backlight subsystem where the devlink mechanism fails to correctly create supplier-producer links when the supplier is a class device. Instead of linking the backlight consumer device to the actual LED driver supplier device, the link is incorrectly created to the supplier's parent device (usually the I2C bus adapter). This incorrect linking causes the removal order of devices to be improperly enforced, allowing the LED driver to be removed before the backlight device. This can lead to a kernel NULL pointer dereference and a crash when the backlight device tries to access the already removed LED driver.


What immediate steps should I take to mitigate this vulnerability?

Immediate mitigation involves ensuring that the devlink between the consuming led-backlight device and the supplying LED device is correctly established to enforce proper removal order. This prevents the LED driver from being removed before the backlight device, avoiding kernel NULL pointer dereferences. Applying the kernel fix that adds this devlink is necessary.


How can this vulnerability impact me?

This vulnerability can cause system instability or crashes due to a kernel NULL pointer dereference when the LED driver is removed before the backlight device. This improper removal order can lead to unexpected behavior or system failures, potentially impacting device reliability and uptime.


How can this vulnerability be detected on my network or system? Can you suggest some commands?

This vulnerability can be detected by observing kernel error messages related to LED backlight device removal order issues, such as kernel NULL pointer dereferences during device unbinding. Specifically, you can try unbinding the LED class device before unbinding the backlight consumer device to reproduce the issue. Example commands to test this are:

    echo 11-0062 >/sys/bus/i2c/drivers/leds-pca963x/unbind
    echo ...backlight-dock >/sys/bus/platform/drivers/led-backlight/unbind

If these commands cause kernel errors or crashes, the vulnerability is present.

