Wind River Support Network

HomeDefectsLIN1023-12791
Acknowledged

LIN1023-12791 : Security Advisory - linux - CVE-2025-23144

Created: May 6, 2025    Updated: May 7, 2025
Found In Version: 10.23.30.1
Severity: Standard
Applicable for: Wind River Linux LTS 23
Component/s: Kernel

Description

In the Linux kernel, the following vulnerability has been resolved:

backlight: led_bl: Hold led_access lock when calling led_sysfs_disable()

Lockdep detects the following issue on led-backlight removal:
    142.315935] ------------[ cut here ]------------
  [  142.315954] WARNING: CPU: 2 PID: 292 at drivers/leds/led-core.c:455 led_sysfs_enable+0x54/0x80
  ...
  [  142.500725] Call trace:
  [  142.503176]  led_sysfs_enable+0x54/0x80 (P)
  [  142.507370]  led_bl_remove+0x80/0xa8 [led_bl]
  [  142.511742]  platform_remove+0x30/0x58
  [  142.515501]  device_remove+0x54/0x90
  ...

Indeed, led_sysfs_enable() has to be called with the led_access
lock held.

Hold the lock when calling led_sysfs_disable().

CREATE(Triage):(User=admin) [CVE-2025-23144 (https://nvd.nist.gov/vuln/detail/CVE-2025-23144)
Live chat
Online
  • Linkedin
  • Facebook
  • Twitter
  • Youtube