DEBIAN-CVE-2025-71111
In the Linux kernel, the following vulnerability has been resolved: hwmon: (w83791d) Convert macros to functions to avoid TOCTOU The macro FAN_FROM_REG evaluates its arguments multiple times. When used in lockless contexts involving shared driver data, this leads to Time-of-Check to Time-of-Use (TOCTOU) race conditions, potentially causing divide-by-zero errors. Convert the macro to a static function. This guarantees that arguments are evaluated only once (pass-by-value), preventing the race conditions. Additionally, in store_fan_div, move the calculation of the minimum limit inside the update lock. This ensures that the read-modify-write sequence operates on consistent data. Adhere to the principle of minimal changes by only converting macros that evaluate arguments multiple times and are used in lockless contexts.
Risk Scores
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Debian:11 | linux-6.1 | 6.1.137-1, 6.1.140-1~deb11u1, 6.1.128-1~deb11u1 |
| Debian:11 | linux | 5.10.149-1, 5.10.113-1, 5.10.120-1 |
| Debian:12 | linux | *, 6.1.140-1, 6.1.133-1 |
| Debian:14 | linux | *, 6.12.41-1, 6.12.48-1 |
| Debian:13 | linux | 6.12.69-1, 6.12.63-1, 6.12.63-1 |
Exploit Intelligence
- 4081.3.7.yml (github-poc)
Timeline
- Jan 14, 2026 CVE Published
- Apr 28, 2026 CVE Updated