CVE-2025-71111
Published: Jan 14, 2026
Modified: May 11, 2026
Description
In the Linux kernel, the following vulnerability has been resolved: hwmon: (w83791d) Convert macros to functions to avoid TOCTOU The macro FAN_FROM_REG evaluates its arguments multiple times. When used in lockless contexts involving shared driver data, this leads to Time-of-Check to Time-of-Use (TOCTOU) race conditions, potentially causing divide-by-zero errors. Convert the macro to a static function. This guarantees that arguments are evaluated only once (pass-by-value), preventing the race conditions. Additionally, in store_fan_div, move the calculation of the minimum limit inside the update lock. This ensures that the read-modify-write sequence operates on consistent data. Adhere to the principle of minimal changes by only converting macros that evaluate arguments multiple times and are used in lockless contexts.
| Vendor | Product | Versions |
|---|---|---|
Linux | Linux | affected 9873964d6eb24bd0205394f9b791de9eddbcb855 - < 3dceb68f6ad33156032ef4da21a93d84059cca6daffected 9873964d6eb24bd0205394f9b791de9eddbcb855 - < bf5b03227f2e6d4360004886d268f9df8993ef8faffected 9873964d6eb24bd0205394f9b791de9eddbcb855 - < f2b579a0c37c0df19603d719894a942a295f634aaffected 9873964d6eb24bd0205394f9b791de9eddbcb855 - < f94800fbc26ccf7c81eb791707b038a57aa39a18affected 9873964d6eb24bd0205394f9b791de9eddbcb855 - < a9fb6e8835a22f5796c1182ed612daed3fd273af+2 more versions |
Linux | Linux | affected 2.6.18unaffected 0 - < 2.6.18unaffected 5.10.248 - <= 5.10.*unaffected 5.15.198 - <= 5.15.*unaffected 6.1.160 - <= 6.1.*+4 more versions |
References
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now