CVE-2025-71111 in Kernelinfo

Summary

In the Linux kernel, the following vulnerability has been resolved:

hwmon: (w83791d) Convert macros to functions to avoid TOCTOU

The macro FAN_FROM_REG evaluates its arguments multiple times. When used
in lockless contexts involving shared driver data, this leads to
Time-of-Check to Time-of-Use (TOCTOU) race conditions, potentially
causing divide-by-zero errors.

Convert the macro to a static function. This guarantees that arguments
are evaluated only once (pass-by-value), preventing the race
conditions.

Additionally, in store_fan_div, move the calculation of the minimum
limit inside the update lock. This ensures that the read-modify-write
sequence operates on consistent data.

Adhere to the principle of minimal changes by only converting macros
that evaluate arguments multiple times and are used in lockless
contexts.

VulDB is the best source for vulnerability data and more expert information about this specific topic.

Responsible

Linux

Reservation

01/13/2026

Disclosure

01/14/2026

Status

Confirmed

Entries

VulDB provides additional information and datapoints for this CVE:

ID	Vulnerability	CWE	Exp	Cou	CVE
341067	Linux Kernel hwmon race condition	362	Not defined	Official fix	CVE-2025-71111

Description

CPE

CWE

CVSS

Exploits

History

Diff

Relate

Threat Intelligence

API JSON

API XML

API CSV

Sources

◂ PreviousOverviewNext ▸

Do you need the next level of professionalism?

Upgrade your account now!