CVE-2025-40211: Critical Use-After-Free Vulnerability Patched in Linux Kernel ACPI Video Driver

Overview

CVE-2025-40211 describes a use-after-free vulnerability in the Linux kernel's ACPI video driver (drivers/acpi/acpi_video.c). The bug is a race on the device-removal path: a brightness-switch work item queued by the driver's ACPI notify handler can run after the brightness and backlight data it operates on has been freed. Depending on what the kernel does with the stale memory, the outcome ranges from a crash (denial of service) to, in principle, arbitrary code execution in kernel context. A fix has been merged, and users are advised to update their kernels.

Technical Details

The vulnerability lies in acpi_video_switch_brightness(), which runs from a delayed work item (switch_brightness_work) that the driver's ACPI notify handler queues when a brightness-switch event arrives. When a video device's backlight is unregistered, the device->brightness and device->backlight structures are freed; acpi_video_bus_unregister_backlight() does this by calling acpi_video_dev_unregister_backlight() for each device on the bus. If switch_brightness_work is still pending at that point and fires afterwards, acpi_video_switch_brightness() dereferences the freed pointers, which is the use-after-free.

The root cause is a missing synchronization step on the removal path. Removing the notify handler guarantees that no new work will be queued, but it does nothing about a work item that was queued before the handler was removed and has not yet run, so that item can execute after the memory it needs is gone.

The fix adds that step: acpi_video_bus_remove_notify_handler() now calls cancel_delayed_work_sync() on each device's switch_brightness_work after removing the notify handler and before the backlight resources are freed. The ordering matters. Removing the handler first closes the window in which a new notification could re-queue the work between the cancellation and the free; the _sync variant then waits for any instance that is already running to finish, so nothing still references device->brightness or device->backlight when they are released. A plain cancel_delayed_work() would not give that second guarantee.
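To make the ordering concrete, here is an added single-threaded model of the race. It is illustration only, not code from the kernel or from the patch: the delayed work is a pending flag, the notify handler sets it, and a toy kfree() poisons the brightness object instead of releasing it so that a stale access is counted rather than crashing the process. The names switch_brightness_work_fn, remove_buggy, remove_fixed and run_removal are this example's own; the sample brightness table is constructed.

```c
#include <stdio.h>
#include <stdlib.h>

/*
 * Added example, not kernel code: a model of the switch_brightness_work
 * teardown race. "Delayed work" is a pending flag that fires when we
 * choose, and model_kfree() poisons the object instead of freeing it so
 * a use-after-free is reported instead of being undefined behaviour.
 */

struct brightness {
    int freed;      /* set by model_kfree(); a real kernel has no such marker */
    int curr;
    int count;
    int *levels;
};

struct video_device {
    struct brightness *brightness;
    int work_pending;   /* models a queued switch_brightness_work */
    int uaf_hits;       /* accesses to a freed brightness object */
};

static void model_kfree(struct brightness *b)
{
    b->freed = 1;
    b->count = 0;       /* poison: any later use is now visibly wrong */
}

/* Outline of what acpi_video_switch_brightness() does with the data
 * that the real driver frees on removal. */
static int switch_brightness_work_fn(struct video_device *dev)
{
    struct brightness *b = dev->brightness;

    dev->work_pending = 0;
    if (b->freed) {             /* in the real kernel this is the UAF */
        dev->uaf_hits++;
        return -1;
    }
    b->curr = (b->curr + 1) % b->count;
    return b->levels[b->curr];
}

/* The ACPI notify handler only queues the work; it runs later. */
static void notify_handler(struct video_device *dev)
{
    dev->work_pending = 1;
}

/* Model of cancel_delayed_work_sync(): on return the work is either
 * finished or dequeued, so nothing is pending afterwards. */
static void cancel_delayed_work_sync_model(struct video_device *dev)
{
    dev->work_pending = 0;
}

static void unregister_backlight(struct video_device *dev)
{
    model_kfree(dev->brightness);   /* device->brightness is gone */
}

/* Removal as described for the vulnerable driver: notify handler removed
 * (so no *new* work), resources freed, queued work left to fire later. */
static void remove_buggy(struct video_device *dev)
{
    unregister_backlight(dev);
}

/* Removal with the fix: cancel and wait for the work after the handler
 * is removed (so it cannot be re-queued) and before anything is freed. */
static void remove_fixed(struct video_device *dev)
{
    cancel_delayed_work_sync_model(dev);
    unregister_backlight(dev);
}

/* Fire whatever is still queued, as the workqueue would do later. */
static void workqueue_fire_pending(struct video_device *dev)
{
    if (dev->work_pending)
        switch_brightness_work_fn(dev);
}

/* Runs one removal sequence and returns the number of accesses to the
 * freed object: 1 with the buggy ordering, 0 with the fix. */
int run_removal(int use_fix)
{
    int levels[] = { 0, 25, 50, 75, 100 };   /* constructed sample table */
    struct brightness *b = calloc(1, sizeof *b);
    struct video_device dev = { .brightness = b };
    int hits;

    b->count = 5;
    b->levels = levels;

    notify_handler(&dev);        /* a brightness hotkey arrives ... */
    if (use_fix)
        remove_fixed(&dev);      /* ... just as the device is removed */
    else
        remove_buggy(&dev);
    workqueue_fire_pending(&dev);

    hits = dev.uaf_hits;
    free(b);
    return hits;
}

int main(void)
{
    printf("buggy removal: %d use-after-free access(es)\n", run_removal(0));
    printf("fixed removal: %d use-after-free access(es)\n", run_removal(1));
    return 0;
}
```

The model deliberately has no threads: the point of the bug is not concurrency within the work item but the order of operations on the removal path, and that order is what the two remove_* functions differ in.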

CVSS Analysis

No Common Vulnerability Scoring System (CVSS) score has been published for CVE-2025-40211 at the time of writing. A use-after-free in kernel code would ordinarily be rated medium to high, but the preconditions implied by the technical details are worth keeping in mind: a brightness-switch notification has to be queued just before the video device is removed, and an attacker has no direct control over when the stale work item runs. A crash (denial of service) is therefore the realistic outcome; anything beyond that depends on how reliably the freed memory can be reclaimed with attacker-influenced contents before the work fires.

Possible Impact

A successful exploit of CVE-2025-40211 could lead to the following:

  • System Crash: the stale work item dereferences freed memory in a kernel worker thread, which can corrupt memory or oops the kernel, resulting in a denial of service.
  • Privilege Escalation: the advisory does not claim this, but kernel use-after-free bugs are a known starting point for gaining elevated privileges when the freed allocation can be reclaimed and controlled.
  • Arbitrary Code Execution: if an attacker can place controlled data in the freed allocation before acpi_video_switch_brightness() runs, the stale pointer dereferences could be turned into kernel-context code execution.
  • System Instability: unpredictable behaviour and unexpected errors short of a full crash.

Mitigation or Patch Steps

The recommended mitigation for CVE-2025-40211 is to update your Linux kernel to a version containing the fix. The fix is present in the following commits:

Check with your distribution vendor for the specific kernel updates that include this fix, and apply security updates as soon as they are available. When assessing exposure, note that the vulnerable code is only reachable on hosts where the ACPI video driver is built and active (CONFIG_ACPI_VIDEO, loaded as the module named video or built into the kernel); a kernel without that driver is not affected, and there is no configuration workaround short of not loading it.

Cybersecurity specialist and founder of Gowri Shankar Infosec - a professional blog dedicated to sharing actionable insights on cybersecurity, data protection, server administration, and compliance frameworks including SOC 2, PCI DSS, and GDPR.
