Reference Leak in appletb_kbd Backlight Device in Linux Kernel
CVE-2025-38235

Currently unrated

Key Information:

Vendor

Linux

Status
Vendor
CVE Published:
6 July 2025

What is CVE-2025-38235?

The appletb_kbd module in the Linux kernel contains a vulnerability that leads to a reference leak within the backlight device management. During the initialization process (appletb_kbd_probe), the module attempts to acquire a backlight device using its name 'appletb_backlight'. Although the corresponding reference count is incremented when the device is found, it is never decremented, which results in a reference count build-up over time. To mitigate this issue, the fix implements a mechanism to decrement the reference count on both removal and probe failure, ensuring proper management of device references and prevents potential resource exhaustion.

Affected Version(s)

Linux 93a0fc48948107e0cc34e1de22c3cb363a8f2783 < 751d5437112a3f387de4ef6d2d1c131068ff7627

Linux 93a0fc48948107e0cc34e1de22c3cb363a8f2783 < 4540e41e753a7d69ecd3f5bad51fe620205c3a18

Linux 6.15

References

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.
CVE-2025-38235 : Reference Leak in appletb_kbd Backlight Device in Linux Kernel