VYPR
Unrated severityNVD Advisory· Published Jan 14, 2026· Updated Feb 9, 2026

hwmon: (w83791d) Convert macros to functions to avoid TOCTOU

CVE-2025-71111

Description

In the Linux kernel, the following vulnerability has been resolved:

hwmon: (w83791d) Convert macros to functions to avoid TOCTOU

The macro FAN_FROM_REG evaluates its arguments multiple times. When used in lockless contexts involving shared driver data, this leads to Time-of-Check to Time-of-Use (TOCTOU) race conditions, potentially causing divide-by-zero errors.

Convert the macro to a static function. This guarantees that arguments are evaluated only once (pass-by-value), preventing the race conditions.

Additionally, in store_fan_div, move the calculation of the minimum limit inside the update lock. This ensures that the read-modify-write sequence operates on consistent data.

Adhere to the principle of minimal changes by only converting macros that evaluate arguments multiple times and are used in lockless contexts.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

104

Patches

Vulnerability mechanics

References

7

News mentions

0

No linked articles in our index yet.