CVE-2025-71111
hwmon: (w83791d) Convert macros to functions to avoid TOCTOU
In the Linux kernel, the following vulnerability has been resolved:
hwmon: (w83791d) Convert macros to functions to avoid TOCTOU
The macro FAN_FROM_REG evaluates its arguments multiple times. When used
in lockless contexts involving shared driver data, this leads to
Time-of-Check to Time-of-Use (TOCTOU) race conditions, potentially
causing divide-by-zero errors.
Convert the macro to a static function. This guarantees that arguments
are evaluated only once (pass-by-value), preventing the race
conditions.
Additionally, in store_fan_div, move the calculation of the minimum
limit inside the update lock. This ensures that the read-modify-write
sequence operates on consistent data.
Adhere to the principle of minimal changes by only converting macros
that evaluate arguments multiple times and are used in lockless
contexts.
Affected products
Linux · LinuxWant to know if your infrastructure is exposed to this?
Talk to TrueHacking →References
https://git.kernel.org/stable/c/3dceb68f6ad33156032ef4da21a93d84059cca6dhttps://git.kernel.org/stable/c/670d7ef945d3a84683594429aea6ab2cdfa5ceb4https://git.kernel.org/stable/c/a9fb6e8835a22f5796c1182ed612daed3fd273afhttps://git.kernel.org/stable/c/bf5b03227f2e6d4360004886d268f9df8993ef8fhttps://git.kernel.org/stable/c/c8cf0c2bdcccc6634b6915ff793b844e12436680https://git.kernel.org/stable/c/f2b579a0c37c0df19603d719894a942a295f634ahttps://git.kernel.org/stable/c/f94800fbc26ccf7c81eb791707b038a57aa39a18