Home

Description

In the Linux kernel, the following vulnerability has been resolved: ACPI: video: Fix use-after-free in acpi_video_switch_brightness() The switch_brightness_work delayed work accesses device->brightness and device->backlight, freed by acpi_video_dev_unregister_backlight() during device removal. If the work executes after acpi_video_bus_unregister_backlight() frees these resources, it causes a use-after-free when acpi_video_switch_brightness() dereferences device->brightness or device->backlight. Fix this by calling cancel_delayed_work_sync() for each device's switch_brightness_work in acpi_video_bus_remove_notify_handler() after removing the notify handler that queues the work. This ensures the work completes before the memory is freed. [ rjw: Changelog edit ]

PUBLISHED Reserved 2025-04-16 | Published 2025-11-21 | Updated 2025-12-06 | Assigner Linux

Product status

Default status
unaffected

8ab58e8e7e097bae5fe39cbc67eb93a91f7134b7 (git) before 3f803ccf5a0c043e7c8b83f6665b082401fc8bee
affected

8ab58e8e7e097bae5fe39cbc67eb93a91f7134b7 (git) before ba1704316492a0496c69334338ea1fdbf4c2fd34
affected

8ab58e8e7e097bae5fe39cbc67eb93a91f7134b7 (git) before bc78a4f51d548c1ccc3d1967c2b394bf687c86e9
affected

8ab58e8e7e097bae5fe39cbc67eb93a91f7134b7 (git) before a63a5b6fb508d78fe57ae3b159d9ef3af7ba80e9
affected

8ab58e8e7e097bae5fe39cbc67eb93a91f7134b7 (git) before 4e85246ec0d019dfba86ba54d841ef6694f97149
affected

8ab58e8e7e097bae5fe39cbc67eb93a91f7134b7 (git) before de5fc93275a4a459fe2f7cb746984f2ab3e8292a
affected

8ab58e8e7e097bae5fe39cbc67eb93a91f7134b7 (git) before 293125536ef5521328815fa7c76d5f9eb1635659
affected

8ab58e8e7e097bae5fe39cbc67eb93a91f7134b7 (git) before 8f067aa59430266386b83c18b983ca583faa6a11
affected

Default status
affected

3.17
affected

Any version before 3.17
unaffected

5.4.302 (semver)
unaffected

5.10.247 (semver)
unaffected

5.15.197 (semver)
unaffected

6.1.159 (semver)
unaffected

6.6.117 (semver)
unaffected

6.12.58 (semver)
unaffected

6.17.8 (semver)
unaffected

6.18 (original_commit_for_fix)
unaffected

References

git.kernel.org/...c/3f803ccf5a0c043e7c8b83f6665b082401fc8bee

git.kernel.org/...c/ba1704316492a0496c69334338ea1fdbf4c2fd34

git.kernel.org/...c/bc78a4f51d548c1ccc3d1967c2b394bf687c86e9

git.kernel.org/...c/a63a5b6fb508d78fe57ae3b159d9ef3af7ba80e9

git.kernel.org/...c/4e85246ec0d019dfba86ba54d841ef6694f97149

git.kernel.org/...c/de5fc93275a4a459fe2f7cb746984f2ab3e8292a

git.kernel.org/...c/293125536ef5521328815fa7c76d5f9eb1635659

git.kernel.org/...c/8f067aa59430266386b83c18b983ca583faa6a11

cve.org (CVE-2025-40211)

nvd.nist.gov (CVE-2025-40211)

Download JSON

Data based on CVE®. Copyright © 1999-2025, The MITRE Corporation. All rights reserved.