{"id":"CVE-2025-71111","summary":"hwmon: (w83791d) Convert macros to functions to avoid TOCTOU","details":"In the Linux kernel, the following vulnerability has been resolved:\n\nhwmon: (w83791d) Convert macros to functions to avoid TOCTOU\n\nThe macro FAN_FROM_REG evaluates its arguments multiple times. When used\nin lockless contexts involving shared driver data, this leads to\nTime-of-Check to Time-of-Use (TOCTOU) race conditions, potentially\ncausing divide-by-zero errors.\n\nConvert the macro to a static function. This guarantees that arguments\nare evaluated only once (pass-by-value), preventing the race\nconditions.\n\nAdditionally, in store_fan_div, move the calculation of the minimum\nlimit inside the update lock. This ensures that the read-modify-write\nsequence operates on consistent data.\n\nAdhere to the principle of minimal changes by only converting macros\nthat evaluate arguments multiple times and are used in lockless\ncontexts.","modified":"2026-04-16T00:06:58.737453195Z","published":"2026-01-14T15:05:58.649Z","related":["SUSE-SU-2026:0447-1","SUSE-SU-2026:0471-1","SUSE-SU-2026:0472-1","SUSE-SU-2026:0587-1","SUSE-SU-2026:20477-1","SUSE-SU-2026:20498-1","SUSE-SU-2026:20555-1","SUSE-SU-2026:20599-1","SUSE-SU-2026:20615-1","SUSE-SU-2026:20845-1","SUSE-SU-2026:20876-1","openSUSE-SU-2026:20287-1"],"database_specific":{"cna_assigner":"Linux","osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/71xxx/CVE-2025-71111.json"},"references":[{"type":"WEB","url":"https://git.kernel.org/stable/c/3dceb68f6ad33156032ef4da21a93d84059cca6d"},{"type":"WEB","url":"https://git.kernel.org/stable/c/670d7ef945d3a84683594429aea6ab2cdfa5ceb4"},{"type":"WEB","url":"https://git.kernel.org/stable/c/a9fb6e8835a22f5796c1182ed612daed3fd273af"},{"type":"WEB","url":"https://git.kernel.org/stable/c/bf5b03227f2e6d4360004886d268f9df8993ef8f"},{"type":"WEB","url":"https://git.kernel.org/stable/c/c8cf0c2bdcccc6634b6915ff793b844e12436680"},{"type":"WEB","url":"https://git.kernel.org/stable/c/f2b579a0c37c0df19603d719894a942a295f634a"},{"type":"WEB","url":"https://git.kernel.org/stable/c/f94800fbc26ccf7c81eb791707b038a57aa39a18"},{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/71xxx/CVE-2025-71111.json"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2025-71111"},{"type":"PACKAGE","url":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","events":[{"introduced":"9873964d6eb24bd0205394f9b791de9eddbcb855"},{"fixed":"3dceb68f6ad33156032ef4da21a93d84059cca6d"},{"fixed":"bf5b03227f2e6d4360004886d268f9df8993ef8f"},{"fixed":"f2b579a0c37c0df19603d719894a942a295f634a"},{"fixed":"f94800fbc26ccf7c81eb791707b038a57aa39a18"},{"fixed":"a9fb6e8835a22f5796c1182ed612daed3fd273af"},{"fixed":"c8cf0c2bdcccc6634b6915ff793b844e12436680"},{"fixed":"670d7ef945d3a84683594429aea6ab2cdfa5ceb4"}]}],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-71111.json"}},{"package":{"name":"Kernel","ecosystem":"Linux"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"2.6.18"},{"fixed":"5.10.248"}]},{"type":"ECOSYSTEM","events":[{"introduced":"5.11.0"},{"fixed":"5.15.198"}]},{"type":"ECOSYSTEM","events":[{"introduced":"5.16.0"},{"fixed":"6.1.160"}]},{"type":"ECOSYSTEM","events":[{"introduced":"6.2.0"},{"fixed":"6.6.120"}]},{"type":"ECOSYSTEM","events":[{"introduced":"6.7.0"},{"fixed":"6.12.64"}]},{"type":"ECOSYSTEM","events":[{"introduced":"6.13.0"},{"fixed":"6.18.3"}]}],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-71111.json"}}],"schema_version":"1.7.5"}