Acknowledged
Created: Sep 7, 2025
Updated: Sep 8, 2025
Found In Version: 10.24.33.1
Severity: Standard
Applicable for: Wind River Linux LTS 24
Component/s: Kernel
In the Linux kernel, the following vulnerability has been resolved:EOL][EOL]media: rainshadow-cec: fix TOCTOU race condition in rain_interrupt()[EOL][EOL]In the interrupt handler rain_interrupt(), the buffer full check on[EOL]rain->buf_len is performed before acquiring rain->buf_lock. This[EOL]creates a Time-of-Check to Time-of-Use (TOCTOU) race condition, as[EOL]rain->buf_len is concurrently accessed and modified in the work[EOL]handler rain_irq_work_handler() under the same lock.[EOL][EOL]Multiple interrupt invocations can race, with each reading buf_len[EOL]before it becomes full and then proceeding. This can lead to both[EOL]interrupts attempting to write to the buffer, incrementing buf_len[EOL]beyond its capacity (DATA_SIZE) and causing a buffer overflow.[EOL][EOL]Fix this bug by moving the spin_lock() to before the buffer full[EOL]check. This ensures that the check and the subsequent buffer modification[EOL]are performed atomically, preventing the race condition. An corresponding[EOL]spin_unlock() is added to the overflow path to correctly release the[EOL]lock.[EOL][EOL]This possible bug was found by an experimental static analysis tool[EOL]developed by our team.
CREATE(Triage):(User=admin) [CVE-2025-39713 (https://nvd.nist.gov/vuln/detail/CVE-2025-39713)
