CVE-2025-40211

Severity CVSS v4.0: Pending analysis
Type: Unavailable / Other
Publication date: 21/11/2025
Last modified: 24/11/2025

Description

In the Linux kernel, the following vulnerability has been resolved:

ACPI: video: Fix use-after-free in acpi_video_switch_brightness()

The switch_brightness_work delayed work accesses device->brightness and device->backlight, freed by acpi_video_dev_unregister_backlight() during device removal.

If the work executes after acpi_video_bus_unregister_backlight() frees these resources, it causes a use-after-free when acpi_video_switch_brightness() dereferences device->brightness or device->backlight.

Fix this by calling cancel_delayed_work_sync() for each device's switch_brightness_work in acpi_video_bus_remove_notify_handler() after removing the notify handler that queues the work. This ensures the work completes before the memory is freed.

[ rjw: Changelog edit ]

Impact