CVE-2025-23144
MEDIUMLinux Kernel - Denial of Service via Lockdep Issue in LED Backlight Removal
Title source: llmDescription
In the Linux kernel, the following vulnerability has been resolved: backlight: led_bl: Hold led_access lock when calling led_sysfs_disable() Lockdep detects the following issue on led-backlight removal: [ 142.315935] ------------[ cut here ]------------ [ 142.315954] WARNING: CPU: 2 PID: 292 at drivers/leds/led-core.c:455 led_sysfs_enable+0x54/0x80 ... [ 142.500725] Call trace: [ 142.503176] led_sysfs_enable+0x54/0x80 (P) [ 142.507370] led_bl_remove+0x80/0xa8 [led_bl] [ 142.511742] platform_remove+0x30/0x58 [ 142.515501] device_remove+0x54/0x90 ... Indeed, led_sysfs_enable() has to be called with the led_access lock held. Hold the lock when calling led_sysfs_disable().
References (10)
Core 10
Core References
Mailing List, Third Party Advisory
https://lists.debian.org/debian-lts-announce/2025/05/msg00030.html
Mailing List, Third Party Advisory
https://lists.debian.org/debian-lts-announce/2025/05/msg00045.html
Scores
CVSS v3
5.5
EPSS
0.0012
EPSS Percentile
30.2%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Details
Status
published
Products (28)
debian/debian_linux
11.0
linux/Kernel
5.11.0 - 5.15.181linux
linux/Kernel
5.16.0 - 6.1.136linux
linux/Kernel
5.6.0 - 5.10.237linux
linux/Kernel
6.13.0 - 6.13.12linux
linux/Kernel
6.14.0 - 6.14.3linux
linux/Kernel
6.2.0 - 6.6.88linux
linux/Kernel
6.7.0 - 6.12.24linux
Linux/Linux
< 5.6
Linux/Linux
5.10.237 - 5.10.*
... and 18 more
Published
May 01, 2025
Tracked Since
Feb 18, 2026