Use-After-Free Vulnerability in Linux Kernel ACPI Video Component
CVE-2025-40211

Currently unrated

Key Information:

Vendor: Linux

Status
Vendor
CVE Published: 21 November 2025

What is CVE-2025-40211?

A use-after-free vulnerability has been identified in the ACPI video component of the Linux kernel. It arises when the switch_brightness_work deferred work accesses the members device->brightness and device->backlight after they have been freed during device removal. Because the delayed work is not properly managed, it can dereference invalid memory, resulting in potential crashes or other unintended behavior. The fix ensures that all queued work is canceled before the associated resources are freed, which prevents freed pointers from being dereferenced.
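
The teardown ordering described above, as a single-threaded userspace model in C. This is an added example, not the kernel's code or the actual patch; apart from switch_brightness_work and the brightness member, every name is hypothetical. As a modeling assumption, removal sets the freed pointer to NULL so stale runs can be counted without touching freed memory, whereas in the real bug the pointer is left dangling.

```c
#include <stdbool.h>
#include <stdlib.h>

/* Userspace model of the bug class; names are hypothetical, not the kernel's. */
struct brightness { int curr; };
struct video_dev {
    struct brightness *brightness; /* freed during device removal */
    bool work_pending;             /* models a queued delayed work item */
    int stale_runs;                /* times the work ran after teardown */
};

/* Deferred work body: the real one dereferences device->brightness. */
static void switch_brightness_work(struct video_dev *dev)
{
    if (!dev->brightness) {        /* model only: real pointer would dangle */
        dev->stale_runs++;
        return;
    }
    dev->brightness->curr++;
}

static void queue_work(struct video_dev *dev) { dev->work_pending = true; }
static void cancel_work(struct video_dev *dev) { dev->work_pending = false; }
static void release(struct video_dev *dev) { free(dev->brightness); dev->brightness = NULL; }

/* Delay expiry: run the work only if it is still queued. */
static void timer_fire(struct video_dev *dev)
{
    if (dev->work_pending) {
        dev->work_pending = false;
        switch_brightness_work(dev);
    }
}

/* Vulnerable order: resources are freed while work is still queued. */
static void remove_buggy(struct video_dev *dev) { release(dev); }
/* Fixed order: cancel all queued work first, then free. */
static void remove_fixed(struct video_dev *dev) { cancel_work(dev); release(dev); }

/* Returns how many times the work ran against freed state (-1 on alloc failure). */
int stale_runs_after_remove(bool fixed)
{
    struct video_dev dev = { calloc(1, sizeof(struct brightness)), false, 0 };
    if (!dev.brightness) return -1;
    queue_work(&dev);              /* an event queues the delayed work */
    if (fixed) remove_fixed(&dev); else remove_buggy(&dev);
    timer_fire(&dev);              /* the delay expires after removal */
    return dev.stale_runs;
}
```

With the vulnerable order the work runs once against torn-down state; with the fixed order it never runs.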

Affected Version(s)

Linux 8ab58e8e7e097bae5fe39cbc67eb93a91f7134b7 < 4e85246ec0d019dfba86ba54d841ef6694f97149

Linux 8ab58e8e7e097bae5fe39cbc67eb93a91f7134b7

Linux 8ab58e8e7e097bae5fe39cbc67eb93a91f7134b7 < 293125536ef5521328815fa7c76d5f9eb1635659

Timeline

  • Vulnerability published

  • Vulnerability Reserved
