CVE-2025-40211: 
Linux Kernel vulnerability analysis and mitigation

A use-after-free vulnerability was discovered in the Linux kernel's ACPI video driver, specifically in the acpivideoswitch_brightness() function. The vulnerability was assigned CVE-2025-40211 and was publicly disclosed on November 21, 2025. The issue affects multiple versions of the Linux kernel, including Red Hat Enterprise Linux 8, 9, and 10 (Red Hat XML, NVD).

The vulnerability occurs when the switchbrightnesswork delayed work accesses device->brightness and device->backlight resources after they have been freed by acpivideodevunregisterbacklight() during device removal. This creates a use-after-free condition when acpivideoswitch_brightness() attempts to dereference these freed resources. Red Hat has assigned this vulnerability a CVSS v3.1 base score of 7.0 (High) with the vector CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H (Red Hat XML).

The vulnerability could potentially lead to system crashes or memory corruption when the ACPI video driver is handling brightness switching operations. This affects systems where the ACPI video driver is in use for brightness control (NVD).

The issue has been fixed by calling canceldelayedworksync() for each device's switchbrightnesswork in acpivideobusremovenotifyhandler() after removing the notify handler that queues the work. This ensures the work completes before the memory is freed. The fix is available in kernel version 6.17.8-1 and later (Debian Tracker).