CVE-2025-71111
- Source
- https://cve.org/CVERecord?id=CVE-2025-71111
- Import Source
- https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-71111.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/CVE-2025-71111
- Downstream
- Related
- Published
- 2026-01-14T15:05:58.649Z
- Modified
- 2026-03-20T12:46:37.097333Z
- Summary
- hwmon: (w83791d) Convert macros to functions to avoid TOCTOU
- Details
-
In the Linux kernel, the following vulnerability has been resolved:
hwmon: (w83791d) Convert macros to functions to avoid TOCTOU
The macro FANFROMREG evaluates its arguments multiple times. When used in lockless contexts involving shared driver data, this leads to Time-of-Check to Time-of-Use (TOCTOU) race conditions, potentially causing divide-by-zero errors.
Convert the macro to a static function. This guarantees that arguments are evaluated only once (pass-by-value), preventing the race conditions.
Additionally, in storefandiv, move the calculation of the minimum limit inside the update lock. This ensures that the read-modify-write sequence operates on consistent data.
Adhere to the principle of minimal changes by only converting macros that evaluate arguments multiple times and are used in lockless contexts.
- Database specific
{ "cna_assigner": "Linux", "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/71xxx/CVE-2025-71111.json" }- References
-
- https://git.kernel.org/stable/c/3dceb68f6ad33156032ef4da21a93d84059cca6d
- https://git.kernel.org/stable/c/670d7ef945d3a84683594429aea6ab2cdfa5ceb4
- https://git.kernel.org/stable/c/a9fb6e8835a22f5796c1182ed612daed3fd273af
- https://git.kernel.org/stable/c/bf5b03227f2e6d4360004886d268f9df8993ef8f
- https://git.kernel.org/stable/c/c8cf0c2bdcccc6634b6915ff793b844e12436680
- https://git.kernel.org/stable/c/f2b579a0c37c0df19603d719894a942a295f634a
- https://git.kernel.org/stable/c/f94800fbc26ccf7c81eb791707b038a57aa39a18
- https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/71xxx/CVE-2025-71111.json
- https://nvd.nist.gov/vuln/detail/CVE-2025-71111
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Affected packages
Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Affected ranges
- Type
- GIT
- Repo
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- Events
-
Introduced9873964d6eb24bd0205394f9b791de9eddbcb855Fixed3dceb68f6ad33156032ef4da21a93d84059cca6dFixedbf5b03227f2e6d4360004886d268f9df8993ef8fFixedf2b579a0c37c0df19603d719894a942a295f634aFixedf94800fbc26ccf7c81eb791707b038a57aa39a18Fixeda9fb6e8835a22f5796c1182ed612daed3fd273afFixedc8cf0c2bdcccc6634b6915ff793b844e12436680Fixed670d7ef945d3a84683594429aea6ab2cdfa5ceb4
Linux / Kernel
Package
- Name
- Kernel
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced2.6.18Fixed5.10.248
- Type
- ECOSYSTEM
- Events
-
Introduced5.11.0Fixed5.15.198
- Type
- ECOSYSTEM
- Events
-
Introduced5.16.0Fixed6.1.160
- Type
- ECOSYSTEM
- Events
-
Introduced6.2.0Fixed6.6.120
- Type
- ECOSYSTEM
- Events
-
Introduced6.7.0Fixed6.12.64
- Type
- ECOSYSTEM
- Events
-
Introduced6.13.0Fixed6.18.3