CVE-2025-68758Expired Pointer Dereference in Linux

CWE-825Expired Pointer Dereference40 documents8 sources
Severity
7.8HIGHOSV
OSV7.2
No vector
EPSS
0.1%
top 83.55%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
11
LinuxLinux KernelDebian Linux+8 more
Timeline
PublishedJan 5
Latest updateApr 17

Description

In the Linux kernel, the following vulnerability has been resolved: backlight: led-bl: Add devlink to supplier LEDs LED Backlight is a consumer of one or multiple LED class devices, but devlink is currently unable to create correct supplier-producer links when the supplier is a class device. It creates instead a link where the supplier is the parent of the expected device. One consequence is that removal order is not correctly enforced. Issues happen for example with the following sections i

Affected Packages13 packages

Linuxlinux/linux_kernel5.6.05.10.248+6
Debianlinux/linux_kernel< 5.10.249-1+3
Ubuntulinux/linux_kernel< 5.15.0-173.183+1
CVEListV5linux/linuxae232e45acf9621f2c96b41ca3af006ac7552c3364739adf3eef063b8e2c72b7e919eac8c6480bf0+8
debiandebian/linux< linux 6.1.162-1 (bookworm)

🔴Vulnerability Details

16
OSV
linux-oem-6.17 vulnerabilities2026-04-06
OSV
linux-raspi vulnerabilities2026-04-01
OSV
linux-raspi vulnerabilities2026-04-01
OSV
linux-azure, linux-azure-6.17 vulnerabilities2026-03-25
OSV
linux-intel-iot-realtime vulnerabilities2026-03-23

📋Vendor Advisories

21
Ubuntu
Linux kernel (FIPS) vulnerabilities2026-04-17
Ubuntu
Linux kernel (Real-time) vulnerabilities2026-04-17
Ubuntu
Linux kernel (NVIDIA) vulnerabilities2026-04-17
Ubuntu
Linux kernel vulnerabilities2026-04-16
Ubuntu
Linux kernel (Azure) vulnerabilities2026-04-13

🕵️Threat Intelligence

2
Bleepingcomputer
Microsoft January 2026 Patch Tuesday fixes 3 zero-days, 114 flaws2026-01-13
Wiz
CVE-2025-68758 Impact, Exploitability, and Mitigation Steps | Wiz