CVE-2025-40112
Description
In the Linux kernel, the following vulnerability has been resolved:
sparc: fix accurate exception reporting in copy_{from_to}_user for Niagara
The referenced commit introduced exception handlers on user-space memory references in copy_from_user and copy_to_user. These handlers return from the respective function and calculate the remaining bytes left to copy using the current register contents. This commit fixes a couple of bad calculations and a broken epilogue in the exception handlers. This will prevent crashes and ensure correct return values of copy_from_user and copy_to_user in the faulting case. The behaviour of memcpy stays unchanged.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
A fix in the Linux kernel for SPARC Niagara corrects exception handlers in copy_from_user and copy_to_user, preventing crashes and ensuring accurate return values on fault.
Vulnerability
Description
CVE-2025-40112 addresses a bug in the Linux kernel's SPARC architecture, specifically for Niagara processors. The issue lies in the exception handlers added to copy_from_user and copy_to_user functions. These handlers are invoked when a fault occurs during user-space memory access, and they are responsible for calculating the number of bytes not-yet-copied bytes and returning from the function. However, the initial implementation contained bad calculations and a broken epilogue in the exception handlers, leading to incorrect return values and potential system crashes [1][2][2][3].
Exploitation and
Impact
An attacker who can trigger a fault during a copy operation from or to user space could exploit this flaw. The incorrect exception handling could cause the kernel to miscalculate the number of bytes not copied, potentially leading to memory corruption or information leaks. The vulnerability could be triggered by a user-space program that causes a page fault during a copy operation, for example by accessing an invalid memory region. The impact includes system instability (crashes) and incorrect return values from the copy functions, which could be leveraged for further exploitation [1][2][3].
Mitigation
The fix is included in the Linux kernel stable tree. Users should apply the relevant kernel patches to ensure correct exception handling on SPARC Niagara systems. The memcpy function is not affected by this issue [1][2][3].
AI Insight generated on May 19, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
2Patches
805440320ea3e7823fc4d8ab537547d8e6ebaa365ee556e458cdeb5e482d3a90ce516a73d088c5098ec6d0b67c8fc10b1Vulnerability mechanics
Generated on May 9, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.
References
8- git.kernel.org/stable/c/05440320ea3e249d5f984918f2bf51210c1a7c03nvd
- git.kernel.org/stable/c/088c5098ec6d6b0396edfbf3dad3e81de8469c1cnvd
- git.kernel.org/stable/c/0b67c8fc10b13a9090340c5f8a37d308f4e1571cnvd
- git.kernel.org/stable/c/37547d8e6eba87507279ee3dfddfd9dc46335454nvd
- git.kernel.org/stable/c/7823fc4d8ab5e57f8db7806ff2530c03c166c4bbnvd
- git.kernel.org/stable/c/8cdeb5e482d3fdce7e825444b6ca3865e24c0228nvd
- git.kernel.org/stable/c/a365ee556e45f780ee322b349a06efdad0c1458fnvd
- git.kernel.org/stable/c/a90ce516a73dbe087f9bf3dbf311301a58d125c6nvd
News mentions
0No linked articles in our index yet.