Linux Kernel hwmon w83791d TOCTOU Race Condition Vulnerability

Vulnerability

A vulnerability in the Linux kernel's hardware monitoring (hwmon) driver for the Winbond W83791D chip has been addressed. The FAN_FROM_REG macro evaluated its arguments multiple times, which led to Time-of-Check to Time-of-Use (TOCTOU) race conditions in lockless contexts with shared driver data: a value could change between the check and the later use. This could potentially cause divide-by-zero errors. The fix converts the macro into a static function, ensuring that arguments are evaluated only once. Additionally, the calculation of the minimum fan limit has been moved inside a data update lock to maintain consistency during read-modify-write operations.
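The following is an added illustration, not the driver's code or the upstream patch: a user-space model of why a multiply-evaluated macro argument is a TOCTOU hazard and why a static function removes it. The names FAN_FROM_REG_MACRO, fan_from_reg, read_reg and checked_div, the constant 1350000 and the 0/255 checks are assumptions made for the demo; the changing register is simulated with a fixed sequence of reads.

```c
#include <stdio.h>

/* Constructed stand-in for a shared register byte that a concurrent writer
 * changes: successive reads return 100, 100, then 0. */
static const unsigned char seq[] = { 100, 100, 0 };
static unsigned int n_reads;
static int zero_divisor;

static unsigned char read_reg(void)
{
	return seq[n_reads++ % 3];
}

/* Records a zero divisor instead of trapping, so the demo can report it. */
static long checked_div(long num, long den)
{
	if (den == 0) { zero_divisor = 1; return 0; }
	return num / den;
}

/* Macro form (hypothetical): `val` is expanded, and therefore read, 3 times. */
#define FAN_FROM_REG_MACRO(val, div) ((val) == 0 ? -1 : \
	((val) == 255 ? 0 : checked_div(1350000, (long)(val) * (div))))

/* Function form (hypothetical): the argument is evaluated once by the caller. */
static long fan_from_reg(unsigned char val, unsigned int div)
{
	if (val == 0) return -1;
	if (val == 255) return 0;
	return checked_div(1350000, (long)val * div);
}

struct result { long rpm; unsigned int reads; int zero_divisor; };
static struct result run(int use_macro)
{
	long rpm;
	n_reads = 0; zero_divisor = 0;
	if (use_macro) rpm = FAN_FROM_REG_MACRO(read_reg(), 2);
	else rpm = fan_from_reg(read_reg(), 2);
	return (struct result){ rpm, n_reads, zero_divisor };
}

int main(void)
{
	struct result m = run(1), f = run(0);
	printf("macro:    reads=%u zero_divisor=%d\n", m.reads, m.zero_divisor);
	printf("function: reads=%u zero_divisor=%d rpm=%ld\n", f.reads, f.zero_divisor, f.rpm);
	return 0;
}
```

In the macro form the zero check passes on the first read and the divisor comes from the third, so the check no longer protects the division; the function form checks and divides the same snapshot.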

Impact

The vulnerability could lead to race conditions, causing unexpected behavior in the driver, such as divide-by-zero errors, which could disrupt system stability or functionality.

Reproduction

The vulnerability can be reproduced by using the Winbond W83791D hardware monitoring driver in a lockless context where shared driver data is accessed. Because the FAN_FROM_REG macro evaluates its arguments multiple times, it creates a TOCTOU race condition that can be exploited, potentially leading to a divide-by-zero error.

Remediation

Users can apply the latest patches available in the Linux kernel stable tree to address this vulnerability.

Added: Jan 14, 2026, 4:16 PM
Updated: Jan 14, 2026, 5:54 PM

Vulnerability Rating

Custom Algorithm
spread: 9.0
impact: 2.5
exploitability: 3.9
remediation: 7.7
relevance: 2.1
threat: 4.8
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.