VYPR
Medium severity5.5NVD Advisory· Published Sep 5, 2025· Updated Jun 17, 2026

CVE-2025-39716

CVE-2025-39716

Description

In the Linux kernel, the following vulnerability has been resolved:

parisc: Revise __get_user() to probe user read access

Because of the way read access support is implemented, read access interruptions are only triggered at privilege levels 2 and 3. The kernel executes at privilege level 0, so __get_user() never triggers a read access interruption (code 26). Thus, it is currently possible for user code to access a read protected address via a system call.

Fix this by probing read access rights at privilege level 3 (PRIV_USER) and setting __gu_err to -EFAULT (-14) if access isn't allowed.

Note the cmpiclr instruction does a 32-bit compare because COND macro doesn't work inside asm.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

10
  • cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*
  • Linux/Kernel8 versions
    cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*+ 7 more
    • cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*range: >=2.6.13,<6.1.149
    • cpe:2.3:o:linux:linux_kernel:2.6.12:-:*:*:*:*:*:*
    • cpe:2.3:o:linux:linux_kernel:2.6.12:rc2:*:*:*:*:*:*
    • cpe:2.3:o:linux:linux_kernel:2.6.12:rc3:*:*:*:*:*:*
    • cpe:2.3:o:linux:linux_kernel:2.6.12:rc4:*:*:*:*:*:*
    • cpe:2.3:o:linux:linux_kernel:2.6.12:rc5:*:*:*:*:*:*
    • (no CPE)
    • (no CPE)range: 2.6.12
  • osv-coords
    Range: >= 2.6.12, < 6.1.149

Patches

Vulnerability mechanics

References

7

News mentions

1