Null Pointer Dereference in Linux Kernel's Backlight Configuration by Vendor
CVE-2025-38143

Currently unrated

Key Information:

Vendor: Linux

Status
Vendor
CVE Published: 3 July 2025

What is CVE-2025-38143?

The vulnerability stems from a missing NULL check in the 'wled_configure()' function of the Linux kernel's backlight subsystem. 'devm_kasprintf()' returns NULL when its memory allocation fails, and because that return value was not checked, a NULL pointer dereference occurs, potentially leading to system crashes or unpredictable behavior. The patch adds the missing NULL check, so an allocation failure is handled rather than dereferenced and backlight features on supported devices keep operating robustly.
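The pattern described above, as an added userspace example that is not the kernel driver's code: `model_kasprintf()`, `struct model_dev`, the `fail_next_alloc` fault hook, the `"wled:%s"` format and the `-ENOMEM` return value are all assumptions made for illustration. It places the unchecked use of an allocating formatter beside the checked form and uses fault injection to exercise the failure path.

```c
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Constructed fault-injection hook: when nonzero, the next allocation fails. */
static int fail_next_alloc;

/* Userspace stand-in for devm_kasprintf(); the "wled:%s" format is constructed. */
static char *model_kasprintf(const char *node)
{
    int len = snprintf(NULL, 0, "wled:%s", node);
    char *buf = (fail_next_alloc || len < 0) ? NULL : malloc((size_t)len + 1);

    fail_next_alloc = 0;
    if (buf)
        snprintf(buf, (size_t)len + 1, "wled:%s", node);
    return buf;   /* NULL on allocation failure, like the kernel helper */
}

struct model_dev { char *name; size_t name_len; };

/* Unchecked pattern: a NULL name reaches strlen(), which dereferences it. */
static int configure_unchecked(struct model_dev *d, const char *node)
{
    d->name = model_kasprintf(node);
    d->name_len = strlen(d->name);
    return 0;
}

/* Checked pattern: allocation failure becomes an error return (-ENOMEM assumed). */
static int configure_checked(struct model_dev *d, const char *node)
{
    d->name = model_kasprintf(node);
    if (!d->name)
        return -ENOMEM;
    d->name_len = strlen(d->name);
    return 0;
}

int main(void)
{
    struct model_dev d = { 0 };
    int ok = configure_unchecked(&d, "backlight");   /* no fault injected: succeeds */
    free(d.name);
    fail_next_alloc = 1;                              /* simulate allocation failure */
    printf("no fault: %d, fault (checked): %d\n", ok, configure_checked(&d, "backlight"));
    return 0;
}
```

Running `configure_unchecked()` with `fail_next_alloc` set would fault inside `strlen()`, which is why the fault is only injected on the checked path.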

Affected Version(s)

Linux f86b77583d88c8402e8d89a339d96f847318f8a8 < 6a56446595730a5e3f06a30902e23cb037d28146

Linux f86b77583d88c8402e8d89a339d96f847318f8a8 < 9d06ac32c202142da40904180f2669ed4f5073ac

Linux f86b77583d88c8402e8d89a339d96f847318f8a8 < 21528806560510458378ea52c37e35b0773afaea
