LED Backlight Vulnerability in Linux Kernel Affects Multiple Devices
CVE-2025-68758
What is CVE-2025-68758?
A vulnerability in the Linux kernel's LED Backlight subsystem causes incorrect supplier-producer links to be established. Specifically, when a class device functions as a supplier for LED devices, the devlink is generated improperly. As a result, the removal order of devices is not enforced, particularly in configurations involving device tree overlays: the LED driver is removed before the associated backlight device, causing a kernel NULL pointer dereference. The vulnerability has been addressed by ensuring that the devlink between the consuming and supplying devices is created correctly.
Affected Version(s)
Linux ae232e45acf9621f2c96b41ca3af006ac7552c33 < 0e63ea4378489e09eb5e920c8a50c10caacf563a
Linux ae232e45acf9621f2c96b41ca3af006ac7552c33 < 60a24070392ec726ccfe6ad1ca7b0381c8d8f7c9
Linux ae232e45acf9621f2c96b41ca3af006ac7552c33 < 08c9dc6b0f2c68e5e7c374ac4499e321e435d46c