CVE-2025-40211

Linux Kernel - Use-After-Free in ACPI Video Brightness Switch Work

Title source: llm
STIX 2.1

Description

In the Linux kernel, the following vulnerability has been resolved: ACPI: video: Fix use-after-free in acpi_video_switch_brightness() The switch_brightness_work delayed work accesses device->brightness and device->backlight, freed by acpi_video_dev_unregister_backlight() during device removal. If the work executes after acpi_video_bus_unregister_backlight() frees these resources, it causes a use-after-free when acpi_video_switch_brightness() dereferences device->brightness or device->backlight. Fix this by calling cancel_delayed_work_sync() for each device's switch_brightness_work in acpi_video_bus_remove_notify_handler() after removing the notify handler that queues the work. This ensures the work completes before the memory is freed. [ rjw: Changelog edit ]

Scores

EPSS 0.0018
EPSS Percentile 7.1%

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact partial

Details

Status published
Products (25)
linux/Kernel 3.17.0 - 5.4.302linux
linux/Kernel 5.11.0 - 5.15.197linux
linux/Kernel 5.16.0 - 6.1.159linux
linux/Kernel 5.5.0 - 5.10.247linux
linux/Kernel 6.13.0 - 6.17.8linux
linux/Kernel 6.2.0 - 6.6.117linux
linux/Kernel 6.7.0 - 6.12.58linux
Linux/Linux < 3.17
Linux/Linux 3.17
Linux/Linux 5.10.247 - 5.10.*
... and 15 more
Published Nov 21, 2025
Tracked Since Feb 18, 2026