{"id":"CVE-2025-40211","summary":"ACPI: video: Fix use-after-free in acpi_video_switch_brightness()","details":"In the Linux kernel, the following vulnerability has been resolved:\n\nACPI: video: Fix use-after-free in acpi_video_switch_brightness()\n\nThe switch_brightness_work delayed work accesses device-\u003ebrightness\nand device-\u003ebacklight, freed by acpi_video_dev_unregister_backlight()\nduring device removal.\n\nIf the work executes after acpi_video_bus_unregister_backlight()\nfrees these resources, it causes a use-after-free when\nacpi_video_switch_brightness() dereferences device-\u003ebrightness or\ndevice-\u003ebacklight.\n\nFix this by calling cancel_delayed_work_sync() for each device's\nswitch_brightness_work in acpi_video_bus_remove_notify_handler()\nafter removing the notify handler that queues the work. This ensures\nthe work completes before the memory is freed.\n\n[ rjw: Changelog edit ]","modified":"2026-04-02T12:48:19.324677Z","published":"2025-11-21T10:21:36.438Z","related":["SUSE-SU-2026:0278-1","SUSE-SU-2026:0281-1","SUSE-SU-2026:0293-1","SUSE-SU-2026:0315-1","SUSE-SU-2026:20207-1","SUSE-SU-2026:20220-1","SUSE-SU-2026:20228-1","SUSE-SU-2026:20477-1","SUSE-SU-2026:20498-1","SUSE-SU-2026:20845-1","SUSE-SU-2026:20876-1","openSUSE-SU-2026:20145-1"],"database_specific":{"osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/40xxx/CVE-2025-40211.json","cna_assigner":"Linux"},"references":[{"type":"WEB","url":"https://git.kernel.org/stable/c/293125536ef5521328815fa7c76d5f9eb1635659"},{"type":"WEB","url":"https://git.kernel.org/stable/c/3f803ccf5a0c043e7c8b83f6665b082401fc8bee"},{"type":"WEB","url":"https://git.kernel.org/stable/c/4e85246ec0d019dfba86ba54d841ef6694f97149"},{"type":"WEB","url":"https://git.kernel.org/stable/c/8f067aa59430266386b83c18b983ca583faa6a11"},{"type":"WEB","url":"https://git.kernel.org/stable/c/a63a5b6fb508d78fe57ae3b159d9ef3af7ba80e9"},{"type":"WEB","url":"https://git.kernel.org/stable/c/ba1704316492a0496c69334338ea1fdbf4c2fd34"},{"type":"WEB","url":"https://git.kernel.org/stable/c/bc78a4f51d548c1ccc3d1967c2b394bf687c86e9"},{"type":"WEB","url":"https://git.kernel.org/stable/c/de5fc93275a4a459fe2f7cb746984f2ab3e8292a"},{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/40xxx/CVE-2025-40211.json"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2025-40211"},{"type":"PACKAGE","url":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","events":[{"introduced":"8ab58e8e7e097bae5fe39cbc67eb93a91f7134b7"},{"fixed":"3f803ccf5a0c043e7c8b83f6665b082401fc8bee"},{"fixed":"ba1704316492a0496c69334338ea1fdbf4c2fd34"},{"fixed":"bc78a4f51d548c1ccc3d1967c2b394bf687c86e9"},{"fixed":"a63a5b6fb508d78fe57ae3b159d9ef3af7ba80e9"},{"fixed":"4e85246ec0d019dfba86ba54d841ef6694f97149"},{"fixed":"de5fc93275a4a459fe2f7cb746984f2ab3e8292a"},{"fixed":"293125536ef5521328815fa7c76d5f9eb1635659"},{"fixed":"8f067aa59430266386b83c18b983ca583faa6a11"}]}],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-40211.json"}},{"package":{"name":"Kernel","ecosystem":"Linux"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"3.17.0"},{"fixed":"5.4.302"}]},{"type":"ECOSYSTEM","events":[{"introduced":"5.5.0"},{"fixed":"5.10.247"}]},{"type":"ECOSYSTEM","events":[{"introduced":"5.11.0"},{"fixed":"5.15.197"}]},{"type":"ECOSYSTEM","events":[{"introduced":"5.16.0"},{"fixed":"6.1.159"}]},{"type":"ECOSYSTEM","events":[{"introduced":"6.2.0"},{"fixed":"6.6.117"}]},{"type":"ECOSYSTEM","events":[{"introduced":"6.7.0"},{"fixed":"6.12.58"}]},{"type":"ECOSYSTEM","events":[{"introduced":"6.13.0"},{"fixed":"6.17.8"}]}],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-40211.json"}}],"schema_version":"1.7.5"}