Detections
Analytics

CVE-2025-40211

high

Description

In the Linux kernel, the following vulnerability has been resolved: ACPI: video: Fix use-after-free in acpi_video_switch_brightness() The switch_brightness_work delayed work accesses device->brightness and device->backlight, freed by acpi_video_dev_unregister_backlight() during device removal. If the work executes after acpi_video_bus_unregister_backlight() frees these resources, it causes a use-after-free when acpi_video_switch_brightness() dereferences device->brightness or device->backlight. Fix this by calling cancel_delayed_work_sync() for each device's switch_brightness_work in acpi_video_bus_remove_notify_handler() after removing the notify handler that queues the work. This ensures the work completes before the memory is freed. [ rjw: Changelog edit ]

References

https://git.kernel.org/stable/c/de5fc93275a4a459fe2f7cb746984f2ab3e8292a

https://git.kernel.org/stable/c/8f067aa59430266386b83c18b983ca583faa6a11

https://git.kernel.org/stable/c/293125536ef5521328815fa7c76d5f9eb1635659

Details

Source: Mitre, NVD

Published: 2025-11-21

Updated: 2025-11-21

Risk Information

CVSS v2

Base Score: 7.2

Vector: CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C

Severity: High

CVSS v3

Base Score: 7.8

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Severity: High

EPSS

EPSS: 0.00017