CVE-2025-40211
ACPI: video: Fix use-after-free in acpi_video_switch_brightness()
In the Linux kernel, the following vulnerability has been resolved:
ACPI: video: Fix use-after-free in acpi_video_switch_brightness()
The switch_brightness_work delayed work accesses device->brightness
and device->backlight, freed by acpi_video_dev_unregister_backlight()
during device removal.
If the work executes after acpi_video_bus_unregister_backlight()
frees these resources, it causes a use-after-free when
acpi_video_switch_brightness() dereferences device->brightness or
device->backlight.
Fix this by calling cancel_delayed_work_sync() for each device's
switch_brightness_work in acpi_video_bus_remove_notify_handler()
after removing the notify handler that queues the work. This ensures
the work completes before the memory is freed.
[ rjw: Changelog edit ]
Affected products
Linux · LinuxWant to know if your infrastructure is exposed to this?
Talk to TrueHacking →References
https://git.kernel.org/stable/c/293125536ef5521328815fa7c76d5f9eb1635659https://git.kernel.org/stable/c/3f803ccf5a0c043e7c8b83f6665b082401fc8beehttps://git.kernel.org/stable/c/4e85246ec0d019dfba86ba54d841ef6694f97149https://git.kernel.org/stable/c/8f067aa59430266386b83c18b983ca583faa6a11https://git.kernel.org/stable/c/a63a5b6fb508d78fe57ae3b159d9ef3af7ba80e9https://git.kernel.org/stable/c/ba1704316492a0496c69334338ea1fdbf4c2fd34https://git.kernel.org/stable/c/bc78a4f51d548c1ccc3d1967c2b394bf687c86e9https://git.kernel.org/stable/c/de5fc93275a4a459fe2f7cb746984f2ab3e8292a