CVE-2025-38235

06.07.2025, 10:15

In the Linux kernel, the following vulnerability has been resolved:

HID: appletb-kbd: fix "appletb_backlight" backlight device reference counting

During appletb_kbd_probe, probe attempts to get the backlight device
by name. When this happens backlight_device_get_by_name looks for a
device in the backlight class which has name "appletb_backlight" and
upon finding a match it increments the reference count for the device
and returns it to the caller. However this reference is never released
leading to a reference leak.

Fix this by decrementing the backlight device reference count on removal
via put_device and on probe failure.

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	NIST	UNKNOWN				---
Linux	CNA	---				---

Awaiting analysis

This vulnerability is currently awaiting analysis.

Base Score

CVSS 3.x

EPSS Score

Percentile: Unknown

Debian Releases

Debian Product

Codename

linux

bullseye	5.10.223-1 fixed
bullseye (security)	5.10.237-1 fixed
bookworm	6.1.137-1 fixed
bookworm (security)	6.1.140-1 fixed
trixie	6.12.33-1 fixed
trixie (security)	6.12.31-1 fixed
sid	6.12.35-1 fixed

References

https://git.kernel.org/stable/c/4540e41e753a7d69ecd3f5bad51fe620205c3a18

https://git.kernel.org/stable/c/751d5437112a3f387de4ef6d2d1c131068ff7627