{"dataType":"CVE_RECORD","dataVersion":"5.2","cveMetadata":{"cveId":"CVE-2025-39713","assignerOrgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","state":"PUBLISHED","assignerShortName":"Linux","dateReserved":"2025-04-16T07:20:57.116Z","datePublished":"2025-09-05T17:21:20.459Z","dateUpdated":"2026-05-12T12:06:30.232Z"},"containers":{"cna":{"providerMetadata":{"orgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","shortName":"Linux","dateUpdated":"2026-05-11T21:34:49.278Z"},"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: rainshadow-cec: fix TOCTOU race condition in rain_interrupt()\n\nIn the interrupt handler rain_interrupt(), the buffer full check on\nrain->buf_len is performed before acquiring rain->buf_lock. This\ncreates a Time-of-Check to Time-of-Use (TOCTOU) race condition, as\nrain->buf_len is concurrently accessed and modified in the work\nhandler rain_irq_work_handler() under the same lock.\n\nMultiple interrupt invocations can race, with each reading buf_len\nbefore it becomes full and then proceeding. This can lead to both\ninterrupts attempting to write to the buffer, incrementing buf_len\nbeyond its capacity (DATA_SIZE) and causing a buffer overflow.\n\nFix this bug by moving the spin_lock() to before the buffer full\ncheck. This ensures that the check and the subsequent buffer modification\nare performed atomically, preventing the race condition. 
A corresponding\nspin_unlock() is added to the overflow path to correctly release the\nlock.\n\nThis possible bug was found by an experimental static analysis tool\ndeveloped by our team."}],"affected":[{"product":"Linux","vendor":"Linux","defaultStatus":"unaffected","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","programFiles":["drivers/media/cec/usb/rainshadow/rainshadow-cec.c"],"versions":[{"version":"0f314f6c2e77beb1a232be21dd6be4e1849ba5ac","lessThan":"2964dbe631fd21ad7873b1752b895548d3c12496","status":"affected","versionType":"git"},{"version":"0f314f6c2e77beb1a232be21dd6be4e1849ba5ac","lessThan":"6aaef1a75985865d8c6c5b65fb54152060faba48","status":"affected","versionType":"git"},{"version":"0f314f6c2e77beb1a232be21dd6be4e1849ba5ac","lessThan":"fbc81e78d75bf28972bc22b1599559557b1a1b83","status":"affected","versionType":"git"},{"version":"0f314f6c2e77beb1a232be21dd6be4e1849ba5ac","lessThan":"3c3e33b7edca7a2d6a96801f287f9faeb684d655","status":"affected","versionType":"git"},{"version":"0f314f6c2e77beb1a232be21dd6be4e1849ba5ac","lessThan":"1c2769dc80255824542ea5a4ff1a07dcdeb1603f","status":"affected","versionType":"git"},{"version":"0f314f6c2e77beb1a232be21dd6be4e1849ba5ac","lessThan":"ed905fe7cba03cf22ae0b84cf1b73cd1c070423a","status":"affected","versionType":"git"},{"version":"0f314f6c2e77beb1a232be21dd6be4e1849ba5ac","lessThan":"ff9dd3db6cd4c6b54a2ecbc58151bea4ec63bc59","status":"affected","versionType":"git"},{"version":"0f314f6c2e77beb1a232be21dd6be4e1849ba5ac","lessThan":"7af160aea26c7dc9e6734d19306128cce156ec40","status":"affected","versionType":"git"}]},{"product":"Linux","vendor":"Linux","defaultStatus":"affected","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","programFiles":["drivers/media/cec/usb/rainshadow/rainshadow-cec.c"],"versions":[{"version":"4.12","status":"affected"},{"version":"0","lessThan":"4.12","status":"unaffected","versionType":"semver"},{"version":"5.4.297","lessThanOrEqual":"5.4.*"
,"status":"unaffected","versionType":"semver"},{"version":"5.10.241","lessThanOrEqual":"5.10.*","status":"unaffected","versionType":"semver"},{"version":"5.15.190","lessThanOrEqual":"5.15.*","status":"unaffected","versionType":"semver"},{"version":"6.1.149","lessThanOrEqual":"6.1.*","status":"unaffected","versionType":"semver"},{"version":"6.6.103","lessThanOrEqual":"6.6.*","status":"unaffected","versionType":"semver"},{"version":"6.12.44","lessThanOrEqual":"6.12.*","status":"unaffected","versionType":"semver"},{"version":"6.16.4","lessThanOrEqual":"6.16.*","status":"unaffected","versionType":"semver"},{"version":"6.17","lessThanOrEqual":"*","status":"unaffected","versionType":"original_commit_for_fix"}]}],"cpeApplicability":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.12","versionEndExcluding":"5.4.297"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.12","versionEndExcluding":"5.10.241"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.12","versionEndExcluding":"5.15.190"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.12","versionEndExcluding":"6.1.149"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.12","versionEndExcluding":"6.6.103"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.12","versionEndExcluding":"6.12.44"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.12","versionEndExcluding":"6.16.4"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.12","versionEndExcluding":"6.17"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/2964dbe631fd21ad7873b1752
b895548d3c12496"},{"url":"https://git.kernel.org/stable/c/6aaef1a75985865d8c6c5b65fb54152060faba48"},{"url":"https://git.kernel.org/stable/c/fbc81e78d75bf28972bc22b1599559557b1a1b83"},{"url":"https://git.kernel.org/stable/c/3c3e33b7edca7a2d6a96801f287f9faeb684d655"},{"url":"https://git.kernel.org/stable/c/1c2769dc80255824542ea5a4ff1a07dcdeb1603f"},{"url":"https://git.kernel.org/stable/c/ed905fe7cba03cf22ae0b84cf1b73cd1c070423a"},{"url":"https://git.kernel.org/stable/c/ff9dd3db6cd4c6b54a2ecbc58151bea4ec63bc59"},{"url":"https://git.kernel.org/stable/c/7af160aea26c7dc9e6734d19306128cce156ec40"}],"title":"media: rainshadow-cec: fix TOCTOU race condition in rain_interrupt()","x_generator":{"engine":"bippy-1.2.0"}},"adp":[{"title":"CVE Program Container","references":[{"url":"https://lists.debian.org/debian-lts-announce/2025/10/msg00008.html"},{"url":"https://lists.debian.org/debian-lts-announce/2025/10/msg00007.html"}],"providerMetadata":{"orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE","dateUpdated":"2025-11-03T17:42:39.229Z"}},{"x_adpType":"supplier","providerMetadata":{"orgId":"0b142b55-0307-4c5a-b3c9-f314f3fb7c5e","shortName":"siemens-SADP","dateUpdated":"2026-05-12T12:06:30.232Z"},"affected":[{"vendor":"Siemens","product":"SIMATIC CN 4100","versions":[{"status":"affected","version":"0","lessThan":"V5.0","versionType":"custom"}],"defaultStatus":"unknown"}],"references":[{"url":"https://cert-portal.siemens.com/productcert/html/ssa-032379.html"}]}]}}