CVE-2025-40211
- Source
- https://cve.org/CVERecord?id=CVE-2025-40211
- Import Source
- https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-40211.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/CVE-2025-40211
- Downstream
- Related
- Published
- 2025-11-21T10:21:36.438Z
- Modified
- 2026-03-12T02:18:24.958006Z
- Summary
- ACPI: video: Fix use-after-free in acpi_video_switch_brightness()
- Details
-
In the Linux kernel, the following vulnerability has been resolved:
ACPI: video: Fix use-after-free in acpivideoswitch_brightness()
The switchbrightnesswork delayed work accesses device->brightness and device->backlight, freed by acpivideodevunregisterbacklight() during device removal.
If the work executes after acpivideobusunregisterbacklight() frees these resources, it causes a use-after-free when acpivideoswitch_brightness() dereferences device->brightness or device->backlight.
Fix this by calling canceldelayedworksync() for each device's switchbrightnesswork in acpivideobusremovenotifyhandler() after removing the notify handler that queues the work. This ensures the work completes before the memory is freed.
[ rjw: Changelog edit ]
- Database specific
{ "cna_assigner": "Linux", "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/40xxx/CVE-2025-40211.json" }- References
-
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- https://git.kernel.org/stable/c/293125536ef5521328815fa7c76d5f9eb1635659
- https://git.kernel.org/stable/c/3f803ccf5a0c043e7c8b83f6665b082401fc8bee
- https://git.kernel.org/stable/c/4e85246ec0d019dfba86ba54d841ef6694f97149
- https://git.kernel.org/stable/c/8f067aa59430266386b83c18b983ca583faa6a11
- https://git.kernel.org/stable/c/a63a5b6fb508d78fe57ae3b159d9ef3af7ba80e9
- https://git.kernel.org/stable/c/ba1704316492a0496c69334338ea1fdbf4c2fd34
- https://git.kernel.org/stable/c/bc78a4f51d548c1ccc3d1967c2b394bf687c86e9
- https://git.kernel.org/stable/c/de5fc93275a4a459fe2f7cb746984f2ab3e8292a
- https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/40xxx/CVE-2025-40211.json
- https://nvd.nist.gov/vuln/detail/CVE-2025-40211
Affected packages
Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Affected ranges
- Type
- GIT
- Repo
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- Events
-
Introduced8ab58e8e7e097bae5fe39cbc67eb93a91f7134b7Fixed3f803ccf5a0c043e7c8b83f6665b082401fc8beeFixedba1704316492a0496c69334338ea1fdbf4c2fd34Fixedbc78a4f51d548c1ccc3d1967c2b394bf687c86e9Fixeda63a5b6fb508d78fe57ae3b159d9ef3af7ba80e9Fixed4e85246ec0d019dfba86ba54d841ef6694f97149Fixedde5fc93275a4a459fe2f7cb746984f2ab3e8292aFixed293125536ef5521328815fa7c76d5f9eb1635659Fixed8f067aa59430266386b83c18b983ca583faa6a11
Linux / Kernel
Package
- Name
- Kernel
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced3.17.0Fixed5.4.302
- Type
- ECOSYSTEM
- Events
-
Introduced5.5.0Fixed5.10.247
- Type
- ECOSYSTEM
- Events
-
Introduced5.11.0Fixed5.15.197
- Type
- ECOSYSTEM
- Events
-
Introduced5.16.0Fixed6.1.159
- Type
- ECOSYSTEM
- Events
-
Introduced6.2.0Fixed6.6.117
- Type
- ECOSYSTEM
- Events
-
Introduced6.7.0Fixed6.12.58
- Type
- ECOSYSTEM
- Events
-
Introduced6.13.0Fixed6.17.8