{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2025-38235", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2025-04-16T04:51:23.996Z", "datePublished": "2025-07-06T09:11:14.930Z", "dateUpdated": "2026-05-11T21:23:51.093Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2026-05-11T21:23:51.093Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nHID: appletb-kbd: fix \"appletb_backlight\" backlight device reference counting\n\nDuring appletb_kbd_probe, probe attempts to get the backlight device\nby name. When this happens backlight_device_get_by_name looks for a\ndevice in the backlight class which has name \"appletb_backlight\" and\nupon finding a match it increments the reference count for the device\nand returns it to the caller. However this reference is never released\nleading to a reference leak.\n\nFix this by decrementing the backlight device reference count on removal\nvia put_device and on probe failure."}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/hid/hid-appletb-kbd.c"], "versions": [{"version": "93a0fc48948107e0cc34e1de22c3cb363a8f2783", "lessThan": "751d5437112a3f387de4ef6d2d1c131068ff7627", "status": "affected", "versionType": "git"}, {"version": "93a0fc48948107e0cc34e1de22c3cb363a8f2783", "lessThan": "4540e41e753a7d69ecd3f5bad51fe620205c3a18", "status": "affected", "versionType": "git"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/hid/hid-appletb-kbd.c"], "versions": [{"version": "6.15", "status": "affected"}, {"version": "0", "lessThan": "6.15", "status": "unaffected", "versionType": "semver"}, {"version": "6.15.5", "lessThanOrEqual": "6.15.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.16", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix"}]}], "cpeApplicability": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "6.15", "versionEndExcluding": "6.15.5"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "6.15", "versionEndExcluding": "6.16"}]}]}], "references": [{"url": "https://git.kernel.org/stable/c/751d5437112a3f387de4ef6d2d1c131068ff7627"}, {"url": "https://git.kernel.org/stable/c/4540e41e753a7d69ecd3f5bad51fe620205c3a18"}], "title": "HID: appletb-kbd: fix \"appletb_backlight\" backlight device reference counting", "x_generator": {"engine": "bippy-1.2.0"}}}}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "F4823E88-411C-4CCD-AA8D-3917D070E873", "versionEndExcluding": "6.15.5", "versionStartIncluding": "6.15", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.16:rc1:*:*:*:*:*:*", "matchCriteriaId": "6D4894DB-CCFE-4602-B1BF-3960B2E19A01", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.16:rc2:*:*:*:*:*:*", "matchCriteriaId": "09709862-E348-4378-8632-5A7813EDDC86", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.16:rc3:*:*:*:*:*:*", "matchCriteriaId": "415BF58A-8197-43F5-B3D7-D1D63057A26E", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nHID: appletb-kbd: fix \"appletb_backlight\" backlight device reference counting\n\nDuring appletb_kbd_probe, probe attempts to get the backlight device\nby name. When this happens backlight_device_get_by_name looks for a\ndevice in the backlight class which has name \"appletb_backlight\" and\nupon finding a match it increments the reference count for the device\nand returns it to the caller. However this reference is never released\nleading to a reference leak.\n\nFix this by decrementing the backlight device reference count on removal\nvia put_device and on probe failure."}, {"lang": "es", "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: HID: appletb-kbd: correcci\u00f3n del conteo de referencias del dispositivo de retroiluminaci\u00f3n \"appletb_backlight\". Durante appletb_kbd_probe, la sonda intenta obtener el dispositivo de retroiluminaci\u00f3n por nombre. Cuando esto ocurre, backlight_device_get_by_name busca un dispositivo en la clase de retroiluminaci\u00f3n con el nombre \"appletb_backlight\" y, al encontrar una coincidencia, incrementa el conteo de referencias del dispositivo y lo devuelve al invocador. Sin embargo, esta referencia nunca se libera, lo que provoca una fuga de referencias. Para solucionar esto, disminuya el conteo de referencias del dispositivo de retroiluminaci\u00f3n al eliminarlo mediante put_device y si la sonda falla."}], "id": "CVE-2025-38235", "lastModified": "2025-11-18T16:03:43.567", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2025-07-06T10:15:24.223", "references": [{"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/4540e41e753a7d69ecd3f5bad51fe620205c3a18"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/751d5437112a3f387de4ef6d2d1c131068ff7627"}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"bugzilla": {"description": "kernel: HID: appletb-kbd: fix \"appletb_backlight\" backlight device reference counting", "id": "2376556", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2376556"}, "csaw": false, "cvss3": {"cvss3_base_score": "5.5", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "status": "draft"}, "details": ["In the Linux kernel, the following vulnerability has been resolved:\nHID: appletb-kbd: fix \"appletb_backlight\" backlight device reference counting\nDuring appletb_kbd_probe, probe attempts to get the backlight device\nby name. When this happens backlight_device_get_by_name looks for a\ndevice in the backlight class which has name \"appletb_backlight\" and\nupon finding a match it increments the reference count for the device\nand returns it to the caller. However this reference is never released\nleading to a reference leak.\nFix this by decrementing the backlight device reference count on removal\nvia put_device and on probe failure."], "name": "CVE-2025-38235", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:10", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 10"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2025-07-06T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2025-38235\nhttps://nvd.nist.gov/vuln/detail/CVE-2025-38235\nhttps://lore.kernel.org/linux-cve-announce/2025070619-CVE-2025-38235-0098@gregkh/T"], "threat_severity": "Moderate"}

{"created": "2025-07-13T21:48:01.716372+00:00", "updated": "2025-07-13T21:48:01.716423+00:00", "vendors": ["linux", "linux$PRODUCT$linux_kernel"]}