{"dataType":"CVE_RECORD","dataVersion":"5.2","cveMetadata":{"cveId":"CVE-2025-68758","assignerOrgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","state":"PUBLISHED","assignerShortName":"Linux","dateReserved":"2025-12-24T10:30:51.033Z","datePublished":"2026-01-05T09:32:31.399Z","dateUpdated":"2026-05-11T21:52:46.981Z"},"containers":{"cna":{"providerMetadata":{"orgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","shortName":"Linux","dateUpdated":"2026-05-11T21:52:46.981Z"},"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nbacklight: led-bl: Add devlink to supplier LEDs\n\nLED Backlight is a consumer of one or multiple LED class devices, but\ndevlink is currently unable to create correct supplier-producer links when\nthe supplier is a class device. It creates instead a link where the\nsupplier is the parent of the expected device.\n\nOne consequence is that removal order is not correctly enforced.\n\nIssues happen for example with the following sections in a device tree\noverlay:\n\n    // An LED driver chip\n    pca9632@62 {\n        compatible = \"nxp,pca9632\";\n        reg = <0x62>;\n\n\t// ...\n\n        addon_led_pwm: led-pwm@3 {\n            reg = <3>;\n            label = \"addon:led:pwm\";\n        };\n    };\n\n    backlight-addon {\n        compatible = \"led-backlight\";\n        leds = <&addon_led_pwm>;\n        brightness-levels = <255>;\n        default-brightness-level = <255>;\n    };\n\nIn this example, the devlink should be created between the backlight-addon\n(consumer) and the pca9632@62 (supplier). Instead it is created between the\nbacklight-addon (consumer) and the parent of the pca9632@62, which is\ntypically the I2C bus adapter.\n\nOn removal of the above overlay, the LED driver can be removed before the\nbacklight device, resulting in:\n\n    Unable to handle kernel NULL pointer dereference at virtual address 0000000000000010\n    ...\n    Call trace:\n     led_put+0xe0/0x140\n     devm_led_release+0x6c/0x98\n\nAnother way to reproduce the bug without any device tree overlays is\nunbinding the LED class device (pca9632@62) before unbinding the consumer\n(backlight-addon):\n\n  echo 11-0062 >/sys/bus/i2c/drivers/leds-pca963x/unbind\n  echo ...backlight-dock >/sys/bus/platform/drivers/led-backlight/unbind\n\nFix by adding a devlink between the consuming led-backlight device and the\nsupplying LED device, as other drivers and subsystems do as well."}],"affected":[{"product":"Linux","vendor":"Linux","defaultStatus":"unaffected","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","programFiles":["drivers/video/backlight/led_bl.c"],"versions":[{"version":"ae232e45acf9621f2c96b41ca3af006ac7552c33","lessThan":"64739adf3eef063b8e2c72b7e919eac8c6480bf0","status":"affected","versionType":"git"},{"version":"ae232e45acf9621f2c96b41ca3af006ac7552c33","lessThan":"cd01a24b3e52d6777b49c917d841f125fe9eebd0","status":"affected","versionType":"git"},{"version":"ae232e45acf9621f2c96b41ca3af006ac7552c33","lessThan":"e06df738a9ad8417f1c4c7cd6992cda320e9e7ca","status":"affected","versionType":"git"},{"version":"ae232e45acf9621f2c96b41ca3af006ac7552c33","lessThan":"30cbe4b642745a9488a0f0d78be43afe69d7555c","status":"affected","versionType":"git"},{"version":"ae232e45acf9621f2c96b41ca3af006ac7552c33","lessThan":"0e63ea4378489e09eb5e920c8a50c10caacf563a","status":"affected","versionType":"git"},{"version":"ae232e45acf9621f2c96b41ca3af006ac7552c33","lessThan":"60a24070392ec726ccfe6ad1ca7b0381c8d8f7c9","status":"affected","versionType":"git"},{"version":"ae232e45acf9621f2c96b41ca3af006ac7552c33","lessThan":"08c9dc6b0f2c68e5e7c374ac4499e321e435d46c","status":"affected","versionType":"git"},{"version":"ae232e45acf9621f2c96b41ca3af006ac7552c33","lessThan":"9341d6698f4cfdfc374fb6944158d111ebe16a9d","status":"affected","versionType":"git"}]},{"product":"Linux","vendor":"Linux","defaultStatus":"affected","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","programFiles":["drivers/video/backlight/led_bl.c"],"versions":[{"version":"5.6","status":"affected"},{"version":"0","lessThan":"5.6","status":"unaffected","versionType":"semver"},{"version":"5.10.248","lessThanOrEqual":"5.10.*","status":"unaffected","versionType":"semver"},{"version":"5.15.198","lessThanOrEqual":"5.15.*","status":"unaffected","versionType":"semver"},{"version":"6.1.160","lessThanOrEqual":"6.1.*","status":"unaffected","versionType":"semver"},{"version":"6.6.120","lessThanOrEqual":"6.6.*","status":"unaffected","versionType":"semver"},{"version":"6.12.63","lessThanOrEqual":"6.12.*","status":"unaffected","versionType":"semver"},{"version":"6.17.13","lessThanOrEqual":"6.17.*","status":"unaffected","versionType":"semver"},{"version":"6.18.2","lessThanOrEqual":"6.18.*","status":"unaffected","versionType":"semver"},{"version":"6.19","lessThanOrEqual":"*","status":"unaffected","versionType":"original_commit_for_fix"}]}],"cpeApplicability":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.6","versionEndExcluding":"5.10.248"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.6","versionEndExcluding":"5.15.198"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.6","versionEndExcluding":"6.1.160"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.6","versionEndExcluding":"6.6.120"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.6","versionEndExcluding":"6.12.63"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.6","versionEndExcluding":"6.17.13"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.6","versionEndExcluding":"6.18.2"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.6","versionEndExcluding":"6.19"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/64739adf3eef063b8e2c72b7e919eac8c6480bf0"},{"url":"https://git.kernel.org/stable/c/cd01a24b3e52d6777b49c917d841f125fe9eebd0"},{"url":"https://git.kernel.org/stable/c/e06df738a9ad8417f1c4c7cd6992cda320e9e7ca"},{"url":"https://git.kernel.org/stable/c/30cbe4b642745a9488a0f0d78be43afe69d7555c"},{"url":"https://git.kernel.org/stable/c/0e63ea4378489e09eb5e920c8a50c10caacf563a"},{"url":"https://git.kernel.org/stable/c/60a24070392ec726ccfe6ad1ca7b0381c8d8f7c9"},{"url":"https://git.kernel.org/stable/c/08c9dc6b0f2c68e5e7c374ac4499e321e435d46c"},{"url":"https://git.kernel.org/stable/c/9341d6698f4cfdfc374fb6944158d111ebe16a9d"}],"title":"backlight: led-bl: Add devlink to supplier LEDs","x_generator":{"engine":"bippy-1.2.0"}}}}