CVE-2025-39713 — Time-of-check Time-of-use (TOCTOU) Race Condition in Linux
Severity
4.7MEDIUMNVD
EPSS
0.0%
top 98.11%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
PublishedSep 5
Latest updateMar 25
Description
In the Linux kernel, the following vulnerability has been resolved:
media: rainshadow-cec: fix TOCTOU race condition in rain_interrupt()
In the interrupt handler rain_interrupt(), the buffer full check on
rain->buf_len is performed before acquiring rain->buf_lock. This
creates a Time-of-Check to Time-of-Use (TOCTOU) race condition, as
rain->buf_len is concurrently accessed and modified in the work
handler rain_irq_work_handler() under the same lock.
Multiple interrupt invocations can race, wi…
CVSS vector
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:HExploitability: 1.0 | Impact: 3.6
Affected Packages3 packages
▶CVEListV5linux/linux0f314f6c2e77beb1a232be21dd6be4e1849ba5ac — 2964dbe631fd21ad7873b1752b895548d3c12496+8
Also affects: Debian Linux 11.0
Patches
🔴Vulnerability Details
3OSV▶
CVE-2025-39713: In the Linux kernel, the following vulnerability has been resolved: media: rainshadow-cec: fix TOCTOU race condition in rain_interrupt() In the interr↗2025-09-05
GHSA▶
GHSA-pf4v-7q2j-5rw9: In the Linux kernel, the following vulnerability has been resolved:
media: rainshadow-cec: fix TOCTOU race condition in rain_interrupt()
In the inte↗2025-09-05