Vulnerability Database

309,540

Total vulnerabilities in the database

CVE-2025-23144

In the Linux kernel, the following vulnerability has been resolved:

backlight: led_bl: Hold led_access lock when calling led_sysfs_disable()

Lockdep detects the following issue on led-backlight removal: [ 142.315935] ------------[ cut here ]------------ [ 142.315954] WARNING: CPU: 2 PID: 292 at drivers/leds/led-core.c:455 led_sysfs_enable+0x54/0x80 ... [ 142.500725] Call trace: [ 142.503176] led_sysfs_enable+0x54/0x80 (P) [ 142.507370] led_bl_remove+0x80/0xa8 [led_bl] [ 142.511742] platform_remove+0x30/0x58 [ 142.515501] device_remove+0x54/0x90 ...

Indeed, led_sysfs_enable() has to be called with the led_access lock held.

Hold the lock when calling led_sysfs_disable().

  • Published: May 1, 2025
  • Updated: Nov 7, 2025
  • CVE: CVE-2025-23144
  • Severity: Medium
  • Exploit:

CVSS v3:

  • Severity: Medium
  • Score: 5.5
  • AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

No CWE or OWASP classifications available.

Software From Fixed in
linux / linux_kernel 5.6.1 5.10.237
linux / linux_kernel 5.11 5.15.181
linux / linux_kernel 5.16 6.1.136
linux / linux_kernel 6.2 6.6.88
linux / linux_kernel 6.7 6.12.24
linux / linux_kernel 6.13 6.13.12
linux / linux_kernel 6.14 6.14.3
linux / linux_kernel 5.6 5.6.x
linux / linux_kernel 5.6-rc5 5.6-rc5.x
linux / linux_kernel 5.6-rc6 5.6-rc6.x
linux / linux_kernel 5.6-rc7 5.6-rc7.x
debian / debian_linux 11.0 11.0.x