CVE-2025-68758

NONE EPSS 6.1%
Published Jan 5, 20265mo ago · Modified Jun 17, 20261w ago
Find Similar
Published Jan 5, 2026 5mo ago
Last Modified Jun 17, 2026 1w ago

Description

In the Linux kernel, the following vulnerability has been resolved: backlight: led-bl: Add devlink to supplier LEDs LED Backlight is a consumer of one or multiple LED class devices, but devlink is currently unable to create correct supplier-producer links when the supplier is a class device. It creates instead a link where the supplier is the parent of the expected device. One consequence is that removal order is not correctly enforced. Issues happen for example with the following sections in a device tree overlay: // An LED driver chip pca9632@62 { compatible = "nxp,pca9632"; reg = <0x62>; // ... addon_led_pwm: led-pwm@3 { reg = <3>; label = "addon:led:pwm"; }; }; backlight-addon { compatible = "led-backlight"; leds = <&addon_led_pwm>; brightness-levels = <255>; default-brightness-level = <255>; }; In this example, the devlink should be created between the backlight-addon (consumer) and the pca9632@62 (supplier). Instead it is created between the backlight-addon (consumer) and the parent of the pca9632@62, which is typically the I2C bus adapter. On removal of the above overlay, the LED driver can be removed before the backlight device, resulting in: Unable to handle kernel NULL pointer dereference at virtual address 0000000000000010 ... Call trace: led_put+0xe0/0x140 devm_led_release+0x6c/0x98 Another way to reproduce the bug without any device tree overlays is unbinding the LED class device (pca9632@62) before unbinding the consumer (backlight-addon): echo 11-0062 >/sys/bus/i2c/drivers/leds-pca963x/unbind echo ...backlight-dock >/sys/bus/platform/drivers/led-backlight/unbind Fix by adding a devlink between the consuming led-backlight device and the supplying LED device, as other drivers and subsystems do as well.

Threat Intelligence

EPSS Exploit Probability
6.1% percentile
Exploit & Patch Status
No Known Exploit
No Patch Available

References 8

  • git.kernel.org https://git.kernel.org/stable/c/08c9dc6b0f2c68e5e7c374ac4499e321e435d46c
  • git.kernel.org https://git.kernel.org/stable/c/0e63ea4378489e09eb5e920c8a50c10caacf563a
  • git.kernel.org https://git.kernel.org/stable/c/30cbe4b642745a9488a0f0d78be43afe69d7555c
  • git.kernel.org https://git.kernel.org/stable/c/60a24070392ec726ccfe6ad1ca7b0381c8d8f7c9
  • git.kernel.org https://git.kernel.org/stable/c/64739adf3eef063b8e2c72b7e919eac8c6480bf0
  • git.kernel.org https://git.kernel.org/stable/c/9341d6698f4cfdfc374fb6944158d111ebe16a9d
  • git.kernel.org https://git.kernel.org/stable/c/cd01a24b3e52d6777b49c917d841f125fe9eebd0
  • git.kernel.org https://git.kernel.org/stable/c/e06df738a9ad8417f1c4c7cd6992cda320e9e7ca

Remediation

No remediation data recorded yet

Check vendor advisories and the NVD entry for patch availability.