Reference Leak in appletb_kbd Backlight Device in Linux Kernel
CVE-2025-38235

Currently unrated

Key Information:

Vendor: Linux
Status: Linux
Vendor: CVE Published:; 6 July 2025

What is CVE-2025-38235?

The appletb_kbd module in the Linux kernel contains a vulnerability that leads to a reference leak within the backlight device management. During the initialization process (appletb_kbd_probe), the module attempts to acquire a backlight device using its name 'appletb_backlight'. Although the corresponding reference count is incremented when the device is found, it is never decremented, which results in a reference count build-up over time. To mitigate this issue, the fix implements a mechanism to decrement the reference count on both removal and probe failure, ensuring proper management of device references and prevents potential resource exhaustion.

Affected Version(s)

Linux 93a0fc48948107e0cc34e1de22c3cb363a8f2783 < 751d5437112a3f387de4ef6d2d1c131068ff7627

Linux 93a0fc48948107e0cc34e1de22c3cb363a8f2783 < 4540e41e753a7d69ecd3f5bad51fe620205c3a18

Linux 6.15

References

https://git.kernel.org/stable/c/751d5437112a3f387de4ef6d2...

https://git.kernel.org/stable/c/4540e41e753a7d69ecd3f5bad...

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jul 6, 2025
Vulnerability Reserved
Apr 16, 2025