SB2025070449 - NULL pointer dereference in Linux kernel video backlight driver
Published: July 4, 2025
Security Bulletin ID
SB2025070449
Severity
Low
Patch available
YES
Number of vulnerabilities
1
Exploitation vector
Local access
Highest impact
Denial of service
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 1 security vulnerability.
1) NULL pointer dereference (CVE-ID: CVE-2025-38143)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the wled_configure() function in drivers/video/backlight/qcom-wled.c. A local user can perform a denial of service (DoS) attack.
Remediation
Install update from vendor's website.
References
- https://git.kernel.org/stable/c/1be2000b703b02e149f8f2061054489f6c18c972
- https://git.kernel.org/stable/c/21528806560510458378ea52c37e35b0773afaea
- https://git.kernel.org/stable/c/4a715be3fe80b68fa55cb3569af3d294be101626
- https://git.kernel.org/stable/c/6a56446595730a5e3f06a30902e23cb037d28146
- https://git.kernel.org/stable/c/9d06ac32c202142da40904180f2669ed4f5073ac
- https://git.kernel.org/stable/c/e12d3e1624a02706cdd3628bbf5668827214fa33
- https://git.kernel.org/stable/c/fde314445332015273c8f51d2659885c606fe135