CVE-2025-40211
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2025-11-21

Last updated on: 2025-12-06

Assigner: kernel.org

Description
In the Linux kernel, the following vulnerability has been resolved: ACPI: video: Fix use-after-free in acpi_video_switch_brightness() The switch_brightness_work delayed work accesses device->brightness and device->backlight, freed by acpi_video_dev_unregister_backlight() during device removal. If the work executes after acpi_video_bus_unregister_backlight() frees these resources, it causes a use-after-free when acpi_video_switch_brightness() dereferences device->brightness or device->backlight. Fix this by calling cancel_delayed_work_sync() for each device's switch_brightness_work in acpi_video_bus_remove_notify_handler() after removing the notify handler that queues the work. This ensures the work completes before the memory is freed. [ rjw: Changelog edit ]
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-11-21
Last Modified
2025-12-06
Generated
2026-06-16
AI Q&A
2025-11-21
EPSS Evaluated
2026-06-14
NVD
CVE-2025-40211
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
linux linux_kernel *
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-UNKNOWN
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability is a use-after-free issue in the Linux kernel's ACPI video component. Specifically, a delayed work function called switch_brightness_work accesses device brightness and backlight resources that may have already been freed during device removal. If the delayed work runs after these resources are freed, it dereferences invalid memory, causing a use-after-free error. The fix involves ensuring the delayed work is canceled and completed before the resources are freed.

Impact Analysis

This vulnerability can lead to system instability or crashes due to the use-after-free error when the kernel accesses freed memory. It may also potentially be exploited to execute arbitrary code or cause denial of service, depending on the context and attacker capabilities.

Mitigation Strategies

Apply the patch or update to the fixed Linux kernel version that includes the fix for the use-after-free in acpi_video_switch_brightness(). This fix involves calling cancel_delayed_work_sync() for each device's switch_brightness_work to ensure the work completes before memory is freed, preventing the use-after-free condition.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-40211. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart