{"dataType":"CVE_RECORD","dataVersion":"5.2","cveMetadata":{"cveId":"CVE-2025-40211","assignerOrgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","state":"PUBLISHED","assignerShortName":"Linux","dateReserved":"2025-04-16T07:20:57.179Z","datePublished":"2025-11-21T10:21:36.438Z","dateUpdated":"2026-05-11T21:44:54.867Z"},"containers":{"cna":{"providerMetadata":{"orgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","shortName":"Linux","dateUpdated":"2026-05-11T21:44:54.867Z"},"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nACPI: video: Fix use-after-free in acpi_video_switch_brightness()\n\nThe switch_brightness_work delayed work accesses device->brightness\nand device->backlight, freed by acpi_video_dev_unregister_backlight()\nduring device removal.\n\nIf the work executes after acpi_video_bus_unregister_backlight()\nfrees these resources, it causes a use-after-free when\nacpi_video_switch_brightness() dereferences device->brightness or\ndevice->backlight.\n\nFix this by calling cancel_delayed_work_sync() for each device's\nswitch_brightness_work in acpi_video_bus_remove_notify_handler()\nafter removing the notify handler that queues the work. This ensures\nthe work completes before the memory is freed.\n\n[ rjw: Changelog edit ]"}],"affected":[{"product":"Linux","vendor":"Linux","defaultStatus":"unaffected","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","programFiles":["drivers/acpi/acpi_video.c"],"versions":[{"version":"8ab58e8e7e097bae5fe39cbc67eb93a91f7134b7","lessThan":"3f803ccf5a0c043e7c8b83f6665b082401fc8bee","status":"affected","versionType":"git"},{"version":"8ab58e8e7e097bae5fe39cbc67eb93a91f7134b7","lessThan":"ba1704316492a0496c69334338ea1fdbf4c2fd34","status":"affected","versionType":"git"},{"version":"8ab58e8e7e097bae5fe39cbc67eb93a91f7134b7","lessThan":"bc78a4f51d548c1ccc3d1967c2b394bf687c86e9","status":"affected","versionType":"git"},{"version":"8ab58e8e7e097bae5fe39cbc67eb93a91f7134b7","lessThan":"a63a5b6fb508d78fe57ae3b159d9ef3af7ba80e9","status":"affected","versionType":"git"},{"version":"8ab58e8e7e097bae5fe39cbc67eb93a91f7134b7","lessThan":"4e85246ec0d019dfba86ba54d841ef6694f97149","status":"affected","versionType":"git"},{"version":"8ab58e8e7e097bae5fe39cbc67eb93a91f7134b7","lessThan":"de5fc93275a4a459fe2f7cb746984f2ab3e8292a","status":"affected","versionType":"git"},{"version":"8ab58e8e7e097bae5fe39cbc67eb93a91f7134b7","lessThan":"293125536ef5521328815fa7c76d5f9eb1635659","status":"affected","versionType":"git"},{"version":"8ab58e8e7e097bae5fe39cbc67eb93a91f7134b7","lessThan":"8f067aa59430266386b83c18b983ca583faa6a11","status":"affected","versionType":"git"}]},{"product":"Linux","vendor":"Linux","defaultStatus":"affected","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","programFiles":["drivers/acpi/acpi_video.c"],"versions":[{"version":"3.17","status":"affected"},{"version":"0","lessThan":"3.17","status":"unaffected","versionType":"semver"},{"version":"5.4.302","lessThanOrEqual":"5.4.*","status":"unaffected","versionType":"semver"},{"version":"5.10.247","lessThanOrEqual":"5.10.*","status":"unaffected","versionType":"semver"},{"version":"5.15.197","lessThanOrEqual":"5.15.*","status":"unaffected","versionType":"semver"},{"version":"6.1.159","lessThanOrEqual":"6.1.*","status":"unaffected","versionType":"semver"},{"version":"6.6.117","lessThanOrEqual":"6.6.*","status":"unaffected","versionType":"semver"},{"version":"6.12.58","lessThanOrEqual":"6.12.*","status":"unaffected","versionType":"semver"},{"version":"6.17.8","lessThanOrEqual":"6.17.*","status":"unaffected","versionType":"semver"},{"version":"6.18","lessThanOrEqual":"*","status":"unaffected","versionType":"original_commit_for_fix"}]}],"cpeApplicability":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"3.17","versionEndExcluding":"5.4.302"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"3.17","versionEndExcluding":"5.10.247"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"3.17","versionEndExcluding":"5.15.197"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"3.17","versionEndExcluding":"6.1.159"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"3.17","versionEndExcluding":"6.6.117"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"3.17","versionEndExcluding":"6.12.58"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"3.17","versionEndExcluding":"6.17.8"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"3.17","versionEndExcluding":"6.18"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/3f803ccf5a0c043e7c8b83f6665b082401fc8bee"},{"url":"https://git.kernel.org/stable/c/ba1704316492a0496c69334338ea1fdbf4c2fd34"},{"url":"https://git.kernel.org/stable/c/bc78a4f51d548c1ccc3d1967c2b394bf687c86e9"},{"url":"https://git.kernel.org/stable/c/a63a5b6fb508d78fe57ae3b159d9ef3af7ba80e9"},{"url":"https://git.kernel.org/stable/c/4e85246ec0d019dfba86ba54d841ef6694f97149"},{"url":"https://git.kernel.org/stable/c/de5fc93275a4a459fe2f7cb746984f2ab3e8292a"},{"url":"https://git.kernel.org/stable/c/293125536ef5521328815fa7c76d5f9eb1635659"},{"url":"https://git.kernel.org/stable/c/8f067aa59430266386b83c18b983ca583faa6a11"}],"title":"ACPI: video: Fix use-after-free in acpi_video_switch_brightness()","x_generator":{"engine":"bippy-1.2.0"}}}}