CVE-2025-39716
Description
In the Linux kernel, the following vulnerability has been resolved:
parisc: Revise __get_user() to probe user read access
Because of the way read access support is implemented, read access interruptions are only triggered at privilege levels 2 and 3. The kernel executes at privilege level 0, so __get_user() never triggers a read access interruption (code 26). Thus, it is currently possible for user code to access a read-protected address via a system call.
Fix this by probing read access rights at privilege level 3 (PRIV_USER) and setting __gu_err to -EFAULT (-14) if access isn't allowed.
Note the cmpiclr instruction does a 32-bit compare because the COND macro doesn't work inside asm.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
In the Linux kernel, the parisc __get_user() fails to trigger read access interruptions at privilege level 0, allowing user code to bypass read protection via a system call.
Vulnerability
In the Linux kernel, the parisc architecture's __get_user() function does not trigger read access interruptions because it executes at privilege level 0, while interruptions only occur at levels 2 and 3. This allows a user to read from a read-protected address via a system call without triggering a fault.
Exploitation
An attacker with local user access to a parisc system can craft a system call that invokes __get_user() on a protected memory region. Since the kernel fails to generate a read access interruption, the read operation succeeds, bypassing the intended protection.
Impact
A local attacker can read arbitrary kernel memory that should be read-protected, potentially leaking sensitive information. The CVSS score of 5.5 (Medium) reflects this information disclosure.
Mitigation
The fix adds an explicit probe of read access rights at privilege level 3 (PRIV_USER) and sets __gu_err to -EFAULT if access is denied. The patch is applied in commits [2], [3], and [4] within the Linux kernel stable tree. Users should apply the latest kernel updates.
AI Insight generated on May 19, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
- Linux/Linux v5 Range: 2.6.12
Patches
No patches discovered yet.
References
- git.kernel.org/stable/c/28a9b71671fb4a2993ef85b8ef6f117ea63894fe (nvd, Patch)
- git.kernel.org/stable/c/4c981077255acc2ed5b3df6e8dd0125c81b626a9 (nvd, Patch)
- git.kernel.org/stable/c/741b163e440683195b8fd4fc8495fcd0105c6ab7 (nvd, Patch)
- git.kernel.org/stable/c/89f686a0fb6e473a876a9a60a13aec67a62b9a7e (nvd, Patch)
- git.kernel.org/stable/c/f410ef9a032caf98117256b22139c31342d7bb06 (nvd, Patch)
- lists.debian.org/debian-lts-announce/2025/10/msg00008.html (nvd, Third Party Advisory)
- cert-portal.siemens.com/productcert/html/ssa-032379.html (nvd)
News mentions
- Siemens SIMATIC (CISA ICS Advisories)