Expired Pointer Dereference Affecting rv package, versions *


Severity

Recommended
low

Based on CentOS security rating.

Threat Intelligence

EPSS
0.03% (9th percentile)

  • Snyk ID: SNYK-CENTOS9-RV-14862779
  • Published: 5 Jan 2026
  • Disclosed: 5 Jan 2026

Introduced: 5 Jan 2026

CVE-2025-68758
CWE-825

How to fix?

There is no fixed version for Centos:9 rv.

NVD Description

Note: Versions mentioned in the description apply only to the upstream rv package and not the rv package as distributed by Centos. See How to fix? for Centos:9 relevant fixed versions and status.

In the Linux kernel, the following vulnerability has been resolved:

backlight: led-bl: Add devlink to supplier LEDs

LED Backlight is a consumer of one or multiple LED class devices, but devlink is currently unable to create correct supplier-producer links when the supplier is a class device. It creates instead a link where the supplier is the parent of the expected device.

One consequence is that removal order is not correctly enforced.

Issues happen for example with the following sections in a device tree overlay:

    // An LED driver chip
    pca9632@62 {
        compatible = "nxp,pca9632";
        reg = <0x62>;

        // ...

        addon_led_pwm: led-pwm@3 {
            reg = <3>;
            label = "addon:led:pwm";
        };
    };

    backlight-addon {
        compatible = "led-backlight";
        leds = <&addon_led_pwm>;
        brightness-levels = <255>;
        default-brightness-level = <255>;
    };

In this example, the devlink should be created between the backlight-addon (consumer) and the pca9632@62 (supplier). Instead it is created between the backlight-addon (consumer) and the parent of the pca9632@62, which is typically the I2C bus adapter.

On removal of the above overlay, the LED driver can be removed before the backlight device, resulting in:

Unable to handle kernel NULL pointer dereference at virtual address 0000000000000010
...
Call trace:
 led_put+0xe0/0x140
 devm_led_release+0x6c/0x98

Another way to reproduce the bug without any device tree overlays is unbinding the LED class device (pca9632@62) before unbinding the consumer (backlight-addon):

    echo 11-0062 >/sys/bus/i2c/drivers/leds-pca963x/unbind
    echo ...backlight-dock >/sys/bus/platform/drivers/led-backlight/unbind

Fix by adding a devlink between the consuming led-backlight device and the supplying LED device, as other drivers and subsystems do as well.
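The removal-order problem described above can be seen in a simplified userspace model. This is an added example, not code from the kernel patch or from this advisory; the struct and function names are hypothetical, and the "no devlink" case stands for the buggy state where no link points at the LED device itself.

```c
#include <stdio.h>
#include <stddef.h>

/* Simplified userspace model (not kernel code): a device is either bound or
 * not, and a supplier may have one consumer linked to it, as a devlink records. */
struct dev {
    const char *name;
    int bound;
    struct dev *supplier;      /* resource the consumer uses (the LED) */
    struct dev *link_consumer; /* set only when a link to this device exists */
    int stale_release;         /* consumer released after supplier was gone */
};

/* Consumer teardown: the point where led_put() runs in the trace above. */
static void unbind_consumer(struct dev *c)
{
    if (!c->bound)
        return;
    if (c->supplier && !c->supplier->bound)
        c->stale_release = 1;  /* the kernel touches expired data here */
    c->bound = 0;
}

/* Supplier teardown: with a link in place, the consumer is unbound first. */
static void unbind_supplier(struct dev *s)
{
    if (s->link_consumer)
        unbind_consumer(s->link_consumer);
    s->bound = 0;
}

/* Returns 1 if the consumer ended up releasing an already removed LED. */
static int remove_led_first(int with_devlink)
{
    struct dev led = { "pca9632@62", 1, NULL, NULL, 0 };
    struct dev bl  = { "backlight-addon", 1, &led, NULL, 0 };

    if (with_devlink)
        led.link_consumer = &bl;   /* consumer -> supplier link */
    unbind_supplier(&led);         /* LED driver removed first */
    unbind_consumer(&bl);          /* backlight removed afterwards */
    return bl.stale_release;
}

int main(void)
{
    printf("without devlink: stale release = %d\n", remove_led_first(0));
    printf("with devlink:    stale release = %d\n", remove_led_first(1));
    return 0;
}
```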

CVSS Base Scores

version 3.1