CVE-2025-40211
N/A
Summary
In the Linux kernel, the following vulnerability has been resolved:
ACPI: video: Fix use-after-free in acpi_video_switch_brightness()
The switch_brightness_work delayed work accesses device->brightness and device->backlight, freed by acpi_video_dev_unregister_backlight() during device removal.
If the work executes after acpi_video_bus_unregister_backlight() frees these resources, it causes a use-after-free when acpi_video_switch_brightness() dereferences device->brightness or device->backlight.
Fix this by calling cancel_delayed_work_sync() for each device's switch_brightness_work in acpi_video_bus_remove_notify_handler() after removing the notify handler that queues the work. This ensures the work completes before the memory is freed.
[ rjw: Changelog edit ]
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Linux | Linux | 8ab58e8e7e097bae5fe39cbc67eb93a91f7134b7 < 3f803ccf5a0c043e7c8b83f6665b082401fc8bee | affected |
| Linux | Linux | 8ab58e8e7e097bae5fe39cbc67eb93a91f7134b7 < ba1704316492a0496c69334338ea1fdbf4c2fd34 | affected |
| Linux | Linux | 8ab58e8e7e097bae5fe39cbc67eb93a91f7134b7 < bc78a4f51d548c1ccc3d1967c2b394bf687c86e9 | affected |
| Linux | Linux | 8ab58e8e7e097bae5fe39cbc67eb93a91f7134b7 < a63a5b6fb508d78fe57ae3b159d9ef3af7ba80e9 | affected |
| Linux | Linux | 8ab58e8e7e097bae5fe39cbc67eb93a91f7134b7 < 4e85246ec0d019dfba86ba54d841ef6694f97149 | affected |
| Linux | Linux | 8ab58e8e7e097bae5fe39cbc67eb93a91f7134b7 < de5fc93275a4a459fe2f7cb746984f2ab3e8292a | affected |
| Linux | Linux | 8ab58e8e7e097bae5fe39cbc67eb93a91f7134b7 < 293125536ef5521328815fa7c76d5f9eb1635659 | affected |
| Linux | Linux | 8ab58e8e7e097bae5fe39cbc67eb93a91f7134b7 < 8f067aa59430266386b83c18b983ca583faa6a11 | affected |
| Linux | Linux | 3.17 | affected |
| Linux | Linux | 0 < 3.17 | unaffected |
| Linux | Linux | 5.4.302 <= 5.4.* | unaffected |
| Linux | Linux | 5.10.247 <= 5.10.* | unaffected |
| Linux | Linux | 5.15.197 <= 5.15.* | unaffected |
| Linux | Linux | 6.1.159 <= 6.1.* | unaffected |
| Linux | Linux | 6.6.117 <= 6.6.* | unaffected |
| Linux | Linux | 6.12.58 <= 6.12.* | unaffected |
| Linux | Linux | 6.17.8 <= 6.17.* | unaffected |
| Linux | Linux | 6.18 <= * | unaffected |
Weaknesses
ADP Enrichment
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: no
- Technical Impact: partial
References
- https://git.kernel.org/stable/c/3f803ccf5a0c043e7c8b83f6665b082401fc8bee
- https://git.kernel.org/stable/c/ba1704316492a0496c69334338ea1fdbf4c2fd34
- https://git.kernel.org/stable/c/bc78a4f51d548c1ccc3d1967c2b394bf687c86e9
- https://git.kernel.org/stable/c/a63a5b6fb508d78fe57ae3b159d9ef3af7ba80e9
- https://git.kernel.org/stable/c/4e85246ec0d019dfba86ba54d841ef6694f97149
- https://git.kernel.org/stable/c/de5fc93275a4a459fe2f7cb746984f2ab3e8292a
- https://git.kernel.org/stable/c/293125536ef5521328815fa7c76d5f9eb1635659
- https://git.kernel.org/stable/c/8f067aa59430266386b83c18b983ca583faa6a11
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.