Reference Leak in appletb_kbd Backlight Device in Linux Kernel
CVE-2025-38235
What is CVE-2025-38235?
The appletb_kbd module in the Linux kernel contains a vulnerability that leads to a reference leak within the backlight device management. During the initialization process (appletb_kbd_probe), the module attempts to acquire a backlight device using its name 'appletb_backlight'. Although the corresponding reference count is incremented when the device is found, it is never decremented, which results in a reference count build-up over time. To mitigate this issue, the fix implements a mechanism to decrement the reference count on both removal and probe failure, ensuring proper management of device references and prevents potential resource exhaustion.
Affected Version(s)
Linux 93a0fc48948107e0cc34e1de22c3cb363a8f2783 < 751d5437112a3f387de4ef6d2d1c131068ff7627
Linux 93a0fc48948107e0cc34e1de22c3cb363a8f2783 < 4540e41e753a7d69ecd3f5bad51fe620205c3a18
Linux 6.15