CVE-2025-39716

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2025-39716
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-39716.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2025-39716
Downstream
Related
Published
2025-09-05T17:21:23.429Z
Modified
2026-03-20T12:43:01.292706Z
Summary
parisc: Revise __get_user() to probe user read access
Details

In the Linux kernel, the following vulnerability has been resolved:

parisc: Revise _getuser() to probe user read access

Because of the way read access support is implemented, read access interruptions are only triggered at privilege levels 2 and 3. The kernel executes at privilege level 0, so _getuser() never triggers a read access interruption (code 26). Thus, it is currently possible for user code to access a read protected address via a system call.

Fix this by probing read access rights at privilege level 3 (PRIV_USER) and setting _guerr to -EFAULT (-14) if access isn't allowed.

Note the cmpiclr instruction does a 32-bit compare because COND macro doesn't work inside asm.

Database specific 
{
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/39xxx/CVE-2025-39716.json",
    "cna_assigner": "Linux"
}
References

Affected packages

Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

Affected ranges

Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
1da177e4c3f41524e886b7f1b8a0c1fc7321cac2
Fixed
28a9b71671fb4a2993ef85b8ef6f117ea63894fe
Fixed
4c981077255acc2ed5b3df6e8dd0125c81b626a9
Fixed
f410ef9a032caf98117256b22139c31342d7bb06
Fixed
741b163e440683195b8fd4fc8495fcd0105c6ab7
Fixed
89f686a0fb6e473a876a9a60a13aec67a62b9a7e

Database specific

source 
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-39716.json"