Description

In the Linux kernel, the following vulnerability has been resolved: ACPI: video: Fix use-after-free in acpi_video_switch_brightness() The switch_brightness_work delayed work accesses device->brightness and device->backlight, freed by acpi_video_dev_unregister_backlight() during device removal. If the work executes after acpi_video_bus_unregister_backlight() frees these resources, it causes a use-after-free when acpi_video_switch_brightness() dereferences device->brightness or device->backlight. Fix this by calling cancel_delayed_work_sync() for each device's switch_brightness_work in acpi_video_bus_remove_notify_handler() after removing the notify handler that queues the work. This ensures the work completes before the memory is freed. [ rjw: Changelog edit ]

INFO

Published Date :

2025-11-21T10:21:36.438Z

Last Modified :

2025-11-21T10:21:36.438Z

Source :

Linux
AFFECTED PRODUCTS

The following products are affected by CVE-2025-40211 vulnerability.

Vendors Products
Linux
  • Linux Kernel
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2025-40211.

URL Resource
https://git.kernel.org/stable/c/293125536ef5521328815fa7c76d5f9eb1635659 cve-icon cve-icon
https://git.kernel.org/stable/c/8f067aa59430266386b83c18b983ca583faa6a11 cve-icon cve-icon
https://git.kernel.org/stable/c/de5fc93275a4a459fe2f7cb746984f2ab3e8292a cve-icon cve-icon
https://lore.kernel.org/linux-cve-announce/2025112140-CVE-2025-40211-465b@gregkh/T cve-icon
https://nvd.nist.gov/vuln/detail/CVE-2025-40211 cve-icon
https://www.cve.org/CVERecord?id=CVE-2025-40211 cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact