CVE-2025-39716
published 2025-09-05CVE-2025-39716: In the Linux kernel, the following vulnerability has been resolved: parisc: Revise __get_user() to probe user read access Because of the way read access…
medium5.5CVSS 3.1
AVLACLPRLUINSUCNINAH
In the Linux kernel, the following vulnerability has been resolved:
parisc: Revise __get_user() to probe user read access
Because of the way read access support is implemented, read access
interruptions are only triggered at privilege levels 2 and 3. The
kernel executes at privilege level 0, so __get_user() never triggers
a read access interruption (code 26). Thus, it is currently possible
for user code to access a read protected address via a system call.
Fix this by probing read access rights at privilege level 3 (PRIV_USER)
and setting __gu_err to -EFAULT (-14) if access isn't allowed.
Note the cmpiclr instruction does a 32-bit compare because COND macro
doesn't work inside asm.
Affected
32 ranges· showing 25
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | debian_linux | — | — |
| debian | linux | < linux 6.1.153-1 (bookworm) | linux 6.1.153-1 (bookworm) |
| debian | linux-6.1 | < linux 6.1.153-1 (bookworm) | linux 6.1.153-1 (bookworm) |
| linux | linux | — | — |
| linux | linux | >= 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 < 28a9b71671fb4a2993ef85b8ef6f117ea63894fe | 28a9b71671fb4a2993ef85b8ef6f117ea63894fe |
| linux | linux | >= 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 < 4c981077255acc2ed5b3df6e8dd0125c81b626a9 | 4c981077255acc2ed5b3df6e8dd0125c81b626a9 |
| linux | linux | >= 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 < f410ef9a032caf98117256b22139c31342d7bb06 | f410ef9a032caf98117256b22139c31342d7bb06 |
| linux | linux | >= 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 < 741b163e440683195b8fd4fc8495fcd0105c6ab7 | 741b163e440683195b8fd4fc8495fcd0105c6ab7 |
| linux | linux | >= 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 < 89f686a0fb6e473a876a9a60a13aec67a62b9a7e | 89f686a0fb6e473a876a9a60a13aec67a62b9a7e |
| linux | linux_kernel | — | — |
| linux | linux_kernel | >= 0 < 6.1.153-1 | 6.1.153-1 |
| linux | linux_kernel | >= 0 < 6.12.48-1 | 6.12.48-1 |
| linux | linux_kernel | >= 0 < 6.16.5-1 | 6.16.5-1 |
| linux | linux_kernel | >= 0 < 6.8.0-100.100 | 6.8.0-100.100 |
| linux | linux_kernel | >= 2.6.13 < 6.1.149 | 6.1.149 |
| linux | linux_kernel | >= 6.13 < 6.16.4 | 6.16.4 |
| linux | linux_kernel | >= 6.2 < 6.6.103 | 6.6.103 |
| linux | linux_kernel | >= 6.7 < 6.12.44 | 6.12.44 |
| msrc | azl3_kernel_6.6.96.2-1_on_azure_linux_3.0 | — | — |
| msrc | azl3_kernel_6.6.96.2-2_on_azure_linux_3.0 | — | — |
| msrc | cbl2_kernel_5.15.186.1-1_on_cbl_mariner_2.0 | — | — |
| msrc | cbl2_kernel_5.15.200.1-1_on_cbl_mariner_2.0 | — | — |
| msrc | cbl2_kernel_5.15.202.1-1_on_cbl_mariner_2.0 | — | — |
| ubuntu | linux-aws | — | — |
| ubuntu | linux-aws-6.8 | — | — |
CVSS provenance
nvdv3.15.5MEDIUMCVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
osv5.5MEDIUM