CVE-2025-71111
Published: January 15, 2026Last modified: January 15, 2026
Description
In the Linux kernel, the following vulnerability has been resolved: hwmon: (w83791d) Convert macros to functions to avoid TOCTOU The macro FAN_FROM_REG evaluates its arguments multiple times. When used in lockless contexts involving shared driver data, this leads to Time-of-Check to Time-of-Use (TOCTOU) race conditions, potentially causing divide-by-zero errors. Convert the macro to a static function. This guarantees that arguments are evaluated only once (pass-by-value), preventing the race conditions. Additionally, in store_fan_div, move the calculation of the minimum limit inside the update lock. This ensures that the read-modify-write sequence operates on consistent data. Adhere to the principle of minimal changes by only converting macros that evaluate arguments multiple times and are used in lockless contexts.
Severity score breakdown
| Parameter | Value |
|---|---|
| Base score | 4.7 |
| Attack Vector | LOCAL |
| Attack complexity | HIGH |
| Privileges required | LOW |
| User interaction | NONE |
| Scope | UNCHANGED |
| Confidentiality | NONE |
| Integrity impact | NONE |
| Availability impact | HIGH |
| Vector | CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H |
Status
| Product | Release | Package | Status |
|---|---|---|---|
| Alpaquita Linux | 23 LTS | linux-lts | Fixed (6.1.161-r0) |
| 25 LTS | linux-lts | Fixed (6.12.65-r0) | |
| Stream | linux-lts | Fixed (6.12.65-r0) |
References
- https://git.kernel.org/stable/c/3dceb68f6ad33156032ef4da21a93d84059cca6d
- https://git.kernel.org/stable/c/670d7ef945d3a84683594429aea6ab2cdfa5ceb4
- https://git.kernel.org/stable/c/a9fb6e8835a22f5796c1182ed612daed3fd273af
- https://git.kernel.org/stable/c/bf5b03227f2e6d4360004886d268f9df8993ef8f
- https://git.kernel.org/stable/c/c8cf0c2bdcccc6634b6915ff793b844e12436680
- https://git.kernel.org/stable/c/f2b579a0c37c0df19603d719894a942a295f634a
- https://git.kernel.org/stable/c/f94800fbc26ccf7c81eb791707b038a57aa39a18