CVE-2025-38217

EPSS 0.03%
Published 04.07.2025 13:37:34
Last modified 08.07.2025 16:18:53
Source 416baaa9-dc9f-4396-8d5f-8c081f
Teams watchlist Login
Open Login

In the Linux kernel, the following vulnerability has been resolved:

hwmon: (ftsteutates) Fix TOCTOU race in fts_read()

In the fts_read() function, when handling hwmon_pwm_auto_channels_temp,
the code accesses the shared variable data->fan_source[channel] twice
without holding any locks. It is first checked against
FTS_FAN_SOURCE_INVALID, and if the check passes, it is read again
when used as an argument to the BIT() macro.

This creates a Time-of-Check to Time-of-Use (TOCTOU) race condition.
Another thread executing fts_update_device() can modify the value of
data->fan_source[channel] between the check and its use. If the value
is changed to FTS_FAN_SOURCE_INVALID (0xff) during this window, the
BIT() macro will be called with a large shift value (BIT(255)).
A bit shift by a value greater than or equal to the type width is
undefined behavior and can lead to a crash or incorrect values being
returned to userspace.

Fix this by reading data->fan_source[channel] into a local variable
once, eliminating the race condition. Additionally, add a bounds check
to ensure the value is less than BITS_PER_LONG before passing it to
the BIT() macro, making the code more robust against undefined behavior.

This possible bug was found by an experimental static analysis tool
developed by our team.

Affected products Warnungen 0 Metrics 1 CWE 0 References 7

Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD

This information is available to logged-in users.

Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).

VendorLinux

≫

Product Linux

Default Statusunaffected

Version < d95d87841d2a575bed3691884e8fedef57d7710d

Version 1c5759d8ce054961b454af69568a41e7e3210ee1

Status affected

Version < 83e2ba8971ccd8fc08319fc7593288f070d80a76

Version 1c5759d8ce054961b454af69568a41e7e3210ee1

Status affected

Version < 4d646f627d3b7ed1cacca66e598af8bcd632d465

Version 1c5759d8ce054961b454af69568a41e7e3210ee1

Status affected

Version < 14c9ede9ca4cd078ad76a6ab9617b81074eb58bf

Version 1c5759d8ce054961b454af69568a41e7e3210ee1

Status affected

VendorLinux

≫

Product Linux

Default Statusaffected

Version 6.3

Status affected

Version < 6.3

Version 0

Status unaffected

Version <= 6.6.*

Version 6.6.95

Status unaffected

Version <= 6.12.*

Version 6.12.35

Status unaffected

Version <= 6.15.*

Version 6.15.4

Status unaffected

Version <= *

Version 6.16

Status unaffected

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.03%	0.057

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string

https://git.kernel.org/stable/c/d95d87841d2a575bed3691884e8fedef57d7710d

https://git.kernel.org/stable/c/83e2ba8971ccd8fc08319fc7593288f070d80a76

https://git.kernel.org/stable/c/4d646f627d3b7ed1cacca66e598af8bcd632d465

https://git.kernel.org/stable/c/14c9ede9ca4cd078ad76a6ab9617b81074eb58bf

https://nvd.nist.gov/vuln/detail/CVE-2025-38217

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2025-38217

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2025-38217

EUVD