| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <2025112140-CVE-2025-40211-465b@gregkh> Date: Fri, 21 Nov 2025 11:21:41 +0100 From: Greg Kroah-Hartman <gregkh@...uxfoundation.org> To: linux-cve-announce@...r.kernel.org Cc: Greg Kroah-Hartman <gregkh@...nel.org> Subject: CVE-2025-40211: ACPI: video: Fix use-after-free in acpi_video_switch_brightness() From: Greg Kroah-Hartman <gregkh@...nel.org> Description =========== In the Linux kernel, the following vulnerability has been resolved: ACPI: video: Fix use-after-free in acpi_video_switch_brightness() The switch_brightness_work delayed work accesses device->brightness and device->backlight, freed by acpi_video_dev_unregister_backlight() during device removal. If the work executes after acpi_video_bus_unregister_backlight() frees these resources, it causes a use-after-free when acpi_video_switch_brightness() dereferences device->brightness or device->backlight. Fix this by calling cancel_delayed_work_sync() for each device's switch_brightness_work in acpi_video_bus_remove_notify_handler() after removing the notify handler that queues the work. This ensures the work completes before the memory is freed. [ rjw: Changelog edit ] The Linux kernel CVE team has assigned CVE-2025-40211 to this issue. Affected and fixed versions =========================== Issue introduced in 3.17 with commit 8ab58e8e7e097bae5fe39cbc67eb93a91f7134b7 and fixed in 6.12.58 with commit de5fc93275a4a459fe2f7cb746984f2ab3e8292a Issue introduced in 3.17 with commit 8ab58e8e7e097bae5fe39cbc67eb93a91f7134b7 and fixed in 6.17.8 with commit 293125536ef5521328815fa7c76d5f9eb1635659 Issue introduced in 3.17 with commit 8ab58e8e7e097bae5fe39cbc67eb93a91f7134b7 and fixed in 6.18-rc4 with commit 8f067aa59430266386b83c18b983ca583faa6a11 Please see https://www.kernel.org for a full list of currently supported kernel versions by the kernel community. Unaffected versions might change over time as fixes are backported to older supported kernel versions. The official CVE entry at https://cve.org/CVERecord/?id=CVE-2025-40211 will be updated if fixes are backported, please check that for the most up to date information about this issue. Affected files ============== The file(s) affected by this issue are: drivers/acpi/acpi_video.c Mitigation ========== The Linux kernel CVE team recommends that you update to the latest stable kernel version for this, and many other bugfixes. Individual changes are never tested alone, but rather are part of a larger kernel release. Cherry-picking individual commits is not recommended or supported by the Linux kernel community at all. If however, updating to the latest release is impossible, the individual changes to resolve this issue can be found at these commits: https://git.kernel.org/stable/c/de5fc93275a4a459fe2f7cb746984f2ab3e8292a https://git.kernel.org/stable/c/293125536ef5521328815fa7c76d5f9eb1635659 https://git.kernel.org/stable/c/8f067aa59430266386b83c18b983ca583faa6a11
Powered by blists - more mailing lists