Detections
Analytics

CVE-2025-71111

medium

Description

In the Linux kernel, the following vulnerability has been resolved: hwmon: (w83791d) Convert macros to functions to avoid TOCTOU The macro FAN_FROM_REG evaluates its arguments multiple times. When used in lockless contexts involving shared driver data, this leads to Time-of-Check to Time-of-Use (TOCTOU) race conditions, potentially causing divide-by-zero errors. Convert the macro to a static function. This guarantees that arguments are evaluated only once (pass-by-value), preventing the race conditions. Additionally, in store_fan_div, move the calculation of the minimum limit inside the update lock. This ensures that the read-modify-write sequence operates on consistent data. Adhere to the principle of minimal changes by only converting macros that evaluate arguments multiple times and are used in lockless contexts.

References

https://git.kernel.org/stable/c/f94800fbc26ccf7c81eb791707b038a57aa39a18

https://git.kernel.org/stable/c/f2b579a0c37c0df19603d719894a942a295f634a

https://git.kernel.org/stable/c/c8cf0c2bdcccc6634b6915ff793b844e12436680

https://git.kernel.org/stable/c/bf5b03227f2e6d4360004886d268f9df8993ef8f

https://git.kernel.org/stable/c/a9fb6e8835a22f5796c1182ed612daed3fd273af

https://git.kernel.org/stable/c/670d7ef945d3a84683594429aea6ab2cdfa5ceb4

https://git.kernel.org/stable/c/3dceb68f6ad33156032ef4da21a93d84059cca6d

Details

Source: Mitre, NVD

Published: 2026-01-14

Updated: 2026-01-19

Risk Information

CVSS v2

Base Score: 4.6

Vector: CVSS2#AV:L/AC:L/Au:S/C:N/I:N/A:C

Severity: Medium

CVSS v3

Base Score: 5.5

Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Severity: Medium

EPSS

EPSS: 0.00018