CVE-2025-40211
Published: Nov 21, 2025
Modified: May 11, 2026
Description
In the Linux kernel, the following vulnerability has been resolved: ACPI: video: Fix use-after-free in acpi_video_switch_brightness() The switch_brightness_work delayed work accesses device->brightness and device->backlight, freed by acpi_video_dev_unregister_backlight() during device removal. If the work executes after acpi_video_bus_unregister_backlight() frees these resources, it causes a use-after-free when acpi_video_switch_brightness() dereferences device->brightness or device->backlight. Fix this by calling cancel_delayed_work_sync() for each device's switch_brightness_work in acpi_video_bus_remove_notify_handler() after removing the notify handler that queues the work. This ensures the work completes before the memory is freed. [ rjw: Changelog edit ]
| Vendor | Product | Versions |
|---|---|---|
Linux | Linux | affected 8ab58e8e7e097bae5fe39cbc67eb93a91f7134b7 - < 3f803ccf5a0c043e7c8b83f6665b082401fc8beeaffected 8ab58e8e7e097bae5fe39cbc67eb93a91f7134b7 - < ba1704316492a0496c69334338ea1fdbf4c2fd34affected 8ab58e8e7e097bae5fe39cbc67eb93a91f7134b7 - < bc78a4f51d548c1ccc3d1967c2b394bf687c86e9affected 8ab58e8e7e097bae5fe39cbc67eb93a91f7134b7 - < a63a5b6fb508d78fe57ae3b159d9ef3af7ba80e9affected 8ab58e8e7e097bae5fe39cbc67eb93a91f7134b7 - < 4e85246ec0d019dfba86ba54d841ef6694f97149+3 more versions |
Linux | Linux | affected 3.17unaffected 0 - < 3.17unaffected 5.4.302 - <= 5.4.*unaffected 5.10.247 - <= 5.10.*unaffected 5.15.197 - <= 5.15.*+5 more versions |
References
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now