CVE-2025-23144
Severity CVSS v4.0:
Pending analysis
Type:
Unavailable / Other
Publication date:
01/05/2025
Last modified:
06/11/2025
Description
In the Linux kernel, the following vulnerability has been resolved:<br />
<br />
backlight: led_bl: Hold led_access lock when calling led_sysfs_disable()<br />
<br />
Lockdep detects the following issue on led-backlight removal:<br />
[ 142.315935] ------------[ cut here ]------------<br />
[ 142.315954] WARNING: CPU: 2 PID: 292 at drivers/leds/led-core.c:455 led_sysfs_enable+0x54/0x80<br />
...<br />
[ 142.500725] Call trace:<br />
[ 142.503176] led_sysfs_enable+0x54/0x80 (P)<br />
[ 142.507370] led_bl_remove+0x80/0xa8 [led_bl]<br />
[ 142.511742] platform_remove+0x30/0x58<br />
[ 142.515501] device_remove+0x54/0x90<br />
...<br />
<br />
Indeed, led_sysfs_enable() has to be called with the led_access<br />
lock held.<br />
<br />
Hold the lock when calling led_sysfs_disable().
Impact
Base Score 3.x
5.50
Severity 3.x
MEDIUM
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 5.6.1 (including) | 5.10.237 (excluding) |
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 5.11 (including) | 5.15.181 (excluding) |
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 5.16 (including) | 6.1.136 (excluding) |
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 6.2 (including) | 6.6.88 (excluding) |
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 6.7 (including) | 6.12.24 (excluding) |
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 6.13 (including) | 6.13.12 (excluding) |
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 6.14 (including) | 6.14.3 (excluding) |
| cpe:2.3:o:linux:linux_kernel:5.6:-:*:*:*:*:*:* | ||
| cpe:2.3:o:linux:linux_kernel:5.6:rc5:*:*:*:*:*:* | ||
| cpe:2.3:o:linux:linux_kernel:5.6:rc6:*:*:*:*:*:* | ||
| cpe:2.3:o:linux:linux_kernel:5.6:rc7:*:*:*:*:*:* | ||
| cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:* |
To consult the complete list of CPE names with products and versions, see this page
References to Advisories, Solutions, and Tools
- https://git.kernel.org/stable/c/11d128f7eacec276c75cf4712880a6307ca9c885
- https://git.kernel.org/stable/c/1c82f5a393d8b9a5c1ea032413719862098afd4b
- https://git.kernel.org/stable/c/276822a00db3c1061382b41e72cafc09d6a0ec30
- https://git.kernel.org/stable/c/61a5c565fd2442d3128f3bab5f022658adc3a4e6
- https://git.kernel.org/stable/c/74c7d67a3c305fc1fa03c32a838e8446fb7aee14
- https://git.kernel.org/stable/c/87d947a0607be384bfe7bb0935884a711e35ca07
- https://git.kernel.org/stable/c/b447885ec9130cf86f355e011dc6b94d6ccfb5b7
- https://git.kernel.org/stable/c/b8ddf5107f53789448900f04fa220f34cd2f777e
- https://lists.debian.org/debian-lts-announce/2025/05/msg00030.html
- https://lists.debian.org/debian-lts-announce/2025/05/msg00045.html