Time-of-Check to Time-of-Use Race Condition in Linux Kernel's Rainshadow-CEC
CVE-2025-39713
What is CVE-2025-39713?
A race condition exists in the Linux kernel's rainshadow-cec module because the interrupt handler checks the buffer length incorrectly. The handler evaluates whether the buffer is full before acquiring the necessary lock, so multiple interrupts can concurrently access and modify the buffer length variable. This race can lead to a buffer overflow, because multiple writes can exceed the allocated buffer size, compromising system integrity. The issue has been addressed by rearranging the locking so that the check and the buffer modification occur atomically, which mitigates the risk of overflowing the buffer.
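The ordering problem described above, as an added example that is not the rainshadow-cec driver's code: a user-space C model that replays one interleaving deterministically, first with the check outside the lock and then with the check inside it. The names `struct ring`, `racy_check`, `racy_commit`, `locked_push`, `replay` and the capacity `CAP` are hypothetical, and a pthread mutex stands in for the kernel lock.

```c
#include <pthread.h>
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
/* Hypothetical user-space model of the pattern; not the driver's code. */
#define CAP ((size_t)4)           /* constructed capacity for this model */

struct ring {
    unsigned char buf[CAP];
    size_t len, wr;               /* invariant: len <= CAP */
    pthread_mutex_t lock;         /* stands in for the kernel lock */
};

/* Racy step 1: "is it full?" is answered with no lock held. */
static bool racy_check(const struct ring *r) { return r->len < CAP; }

/* Racy step 2: only the update is locked, so the earlier answer may be stale. */
static void racy_commit(struct ring *r, unsigned char b)
{
    pthread_mutex_lock(&r->lock);
    r->buf[r->wr] = b;
    r->wr = (r->wr + 1) % CAP;    /* wraps so the model itself stays in bounds */
    r->len++;
    pthread_mutex_unlock(&r->lock);
}

/* Fixed pattern: the check and the update share one critical section. */
static bool locked_push(struct ring *r, unsigned char b)
{
    pthread_mutex_lock(&r->lock);
    bool ok = r->len < CAP;
    if (ok) { r->buf[r->wr] = b; r->wr = (r->wr + 1) % CAP; r->len++; }
    pthread_mutex_unlock(&r->lock);
    return ok;
}

/* Replays one schedule: two handlers arrive with a single free slot left.
 * Returns the final len for the racy (fixed == false) or fixed ordering. */
static size_t replay(bool fixed)
{
    struct ring r = { .len = CAP - 1, .wr = CAP - 1, .lock = PTHREAD_MUTEX_INITIALIZER };
    if (fixed) { locked_push(&r, 0xA1); locked_push(&r, 0xB2); return r.len; }
    bool a = racy_check(&r), b = racy_check(&r);   /* both see a free slot */
    if (a) racy_commit(&r, 0xA1);
    if (b) racy_commit(&r, 0xB2);                  /* acts on a stale check */
    return r.len;
}

int main(void) { printf("racy len=%zu, fixed len=%zu, cap=%zu\n", replay(false), replay(true), CAP); return 0; }
```

In the racy replay the length counter ends one past the capacity even though every update was locked; in the fixed replay the second push is rejected and the invariant holds.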
Affected Version(s)
Linux 0f314f6c2e77beb1a232be21dd6be4e1849ba5ac < 2964dbe631fd21ad7873b1752b895548d3c12496
Linux 0f314f6c2e77beb1a232be21dd6be4e1849ba5ac < 6aaef1a75985865d8c6c5b65fb54152060faba48
Linux 0f314f6c2e77beb1a232be21dd6be4e1849ba5ac