
CVE-2025-40211

In the Linux kernel, the following vulnerability has been resolved:

ACPI: video: Fix use-after-free in acpi_video_switch_brightness()

The switch_brightness_work delayed work accesses device->brightness
and device->backlight, freed by acpi_video_dev_unregister_backlight()
during device removal.

If the work executes after acpi_video_bus_unregister_backlight()
frees these resources, it causes a use-after-free when
acpi_video_switch_brightness() dereferences device->brightness or
device->backlight.

Fix this by calling cancel_delayed_work_sync() for each device's
switch_brightness_work in acpi_video_bus_remove_notify_handler()
after removing the notify handler that queues the work. This ensures
the work completes before the memory is freed.

[ rjw: Changelog edit ]
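
The teardown ordering described in the commit message above, as an added userspace model (not kernel code and not part of the original patch). The struct, the function names and the late notify event are assumptions made for illustration; the model also includes a cancel-before-remove ordering, which the page does not describe, to show why the cancel is placed after the handler removal.

```c
#include <stdbool.h>
#include <stdio.h>

/* Userspace model, not kernel code. All names below are hypothetical. */
struct model_dev {
    bool handler_installed; /* notify handler that queues the work */
    bool work_pending;      /* models switch_brightness_work being queued */
    bool resources_live;    /* models device->brightness / device->backlight */
    int stale_accesses;     /* times the work body ran after the free */
};

/* A notify event arrives; the handler, if still installed, queues the work. */
static void notify(struct model_dev *d) {
    if (d->handler_installed)
        d->work_pending = true;
}

/* The delay expires and the work body runs, touching the resources. */
static void run_pending_work(struct model_dev *d) {
    if (!d->work_pending)
        return;
    d->work_pending = false;
    if (!d->resources_live)
        d->stale_accesses++; /* in the kernel: the use-after-free */
}

/* Stand-in for cancel_delayed_work_sync(): no work pending once it returns. */
static void cancel_work_sync(struct model_dev *d) { d->work_pending = false; }

enum order { NO_CANCEL, CANCEL_THEN_REMOVE, REMOVE_THEN_CANCEL };

/* One device removal with an event arriving mid-teardown (constructed). */
static int simulate_removal(enum order o) {
    struct model_dev d = { true, false, true, 0 };
    notify(&d);                                   /* work queued earlier */
    if (o == CANCEL_THEN_REMOVE) cancel_work_sync(&d);
    notify(&d);                                   /* late event requeues it */
    d.handler_installed = false;                  /* remove notify handler */
    if (o == REMOVE_THEN_CANCEL) cancel_work_sync(&d);
    d.resources_live = false;                     /* backlight unregistered */
    run_pending_work(&d);                         /* delay expires */
    return d.stale_accesses;
}

int main(void) {
    printf("no cancel: %d, cancel first: %d, remove then cancel: %d\n",
           simulate_removal(NO_CANCEL), simulate_removal(CANCEL_THEN_REMOVE),
           simulate_removal(REMOVE_THEN_CANCEL));
    return 0;
}
```
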
Data is provided by the CVE Program from a CVE Numbering Authority (CNA) (unstructured).
Vendor: Linux
Product: Linux
Default status: affected
Version 3.17: affected
Versions from 0 before 3.17: unaffected
Versions from 5.4.302 through 5.4.*: unaffected
Versions from 5.10.247 through 5.10.*: unaffected
Versions from 5.15.197 through 5.15.*: unaffected
Versions from 6.1.159 through 6.1.*: unaffected
Versions from 6.6.117 through 6.6.*: unaffected
Versions from 6.12.58 through 6.12.*: unaffected
Versions from 6.17.8 through 6.17.*: unaffected
Versions from 6.18 through *: unaffected
No CISA KEV entry or CERT.AT warning was found for this CVE.
EPSS metrics
Type Source Score Percentile
EPSS FIRST.org 0.06% 0.177
CVSS metrics
Source Base Score Exploit Score Impact Score Vector String