CVE-2025-23144 is a vulnerability identified in the Linux kernel, specifically within the backlight LED driver subsystem (led_bl). The issue arises from improper locking mechanisms when calling the function led_sysfs_disable(). The Linux kernel's lock dependency checker (lockdep) has detected that led_sysfs_enable() must be called while holding the led_access lock to ensure thread safety and prevent race conditions. However, the vulnerability stems from led_sysfs_disable() being called without holding this lock, which can lead to inconsistent states or race conditions during the removal of the LED backlight device. The kernel log snippet included in the description shows a warning triggered by lockdep, indicating a potential deadlock or concurrency issue during device removal. The root cause is that led_sysfs_enable() and led_sysfs_disable() must both be called with the led_access lock held to maintain synchronization, but the latter was not properly protected. This vulnerability affects multiple versions of the Linux kernel identified by the same commit hash, suggesting a systemic issue in the affected codebase. Although no known exploits are currently reported in the wild, the flaw could potentially be leveraged to cause kernel instability or denial of service by triggering race conditions or deadlocks in the LED backlight driver. The fix involves ensuring the led_access lock is held when calling led_sysfs_disable(), aligning with the locking discipline already required for led_sysfs_enable().

For European organizations relying on Linux-based systems, this vulnerability could impact the stability and reliability of devices using the affected LED backlight drivers. This includes embedded systems, IoT devices, laptops, and servers running Linux kernels with the vulnerable code. Exploitation could lead to kernel warnings, deadlocks, or crashes, resulting in denial of service conditions. While this vulnerability does not directly expose confidentiality or integrity risks, the availability impact could disrupt critical services, especially in sectors like manufacturing, telecommunications, and critical infrastructure where Linux is prevalent. The lack of known exploits reduces immediate risk, but the vulnerability's presence in the kernel means that any device running an affected kernel version is potentially susceptible to stability issues. European organizations with large Linux deployments, particularly those using custom or older kernels that have not been patched, are at risk of encountering system instability or service interruptions.

European organizations should prioritize updating their Linux kernels to versions where this vulnerability has been patched, ensuring that the led_access lock is properly held during led_sysfs_disable() calls. For environments where immediate kernel upgrades are not feasible, organizations should audit their kernel versions and backlight driver usage to assess exposure. System administrators should monitor kernel logs for lockdep warnings related to led_sysfs_enable or led_sysfs_disable functions as indicators of potential exploitation or instability. Additionally, organizations should implement rigorous testing of kernel updates in staging environments to validate stability before deployment. For embedded and IoT devices, vendors should be contacted to confirm patch availability or firmware updates addressing this issue. Employing kernel lockdown features and restricting unprivileged users from triggering device removals or modifications can reduce the risk of exploitation. Finally, maintaining robust backup and recovery procedures will mitigate the impact of potential denial of service caused by this vulnerability.