CVE-2025-40124
- Source
- https://nvd.nist.gov/vuln/detail/CVE-2025-40124
- Import Source
- https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-40124.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/CVE-2025-40124
- Downstream
- Published
- 2025-11-12T10:23:19.861Z
- Modified
- 2025-11-28T02:35:44.874903Z
- Summary
- sparc: fix accurate exception reporting in copy_{from_to}_user for UltraSPARC III
- Details
-
In the Linux kernel, the following vulnerability has been resolved:
sparc: fix accurate exception reporting in copy{fromto}_user for UltraSPARC III
Anthony Yznaga tracked down that a BUGON in ext4 code with large folios enabled resulted from copyfromuser() returning impossibly large values greater than the size to be copied. This lead to _copyfromiter() returning impossible values instead of the actual number of bytes it was able to copy.
The BUG_ON has been reported in https://lore.kernel.org/r/b14f55642207e63e907965e209f6323a0df6dcee.camel@physik.fu-berlin.de
The referenced commit introduced exception handlers on user-space memory references in copyfromuser and copytouser. These handlers return from the respective function and calculate the remaining bytes left to copy using the current register contents. The exception handlers expect that %o2 has already been masked during the bulk copy loop, but the masking was performed after that loop. This will fix the return value of copyfromuser and copytouser in the faulting case. The behaviour of memcpy stays unchanged.
- Database specific
{ "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/40xxx/CVE-2025-40124.json", "cna_assigner": "Linux" }- References
-
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- https://git.kernel.org/stable/c/1198077606aeffb102587c6ea079ce99641c99d4
- https://git.kernel.org/stable/c/1857cdca12c4aff58bf26a7005a4d02850c29927
- https://git.kernel.org/stable/c/47b49c06eb62504075f0f2e2227aee2e2c2a58b3
- https://git.kernel.org/stable/c/5ef9c94d7110e90260c06868cf1dcf899b9f25ee
- https://git.kernel.org/stable/c/91eda032eb16e5d2be27c95584665bc555bb5a90
- https://git.kernel.org/stable/c/dc766c4830a7e1e1ee9d7f77d4ab344f2eb23c8e
- https://git.kernel.org/stable/c/e50377c6b3f278c9f3ef017ffce17f5fcc9dace4
- https://git.kernel.org/stable/c/fdd43fe6d286f27b826572457a89c926f97e2d3a
- https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/40xxx/CVE-2025-40124.json
- https://nvd.nist.gov/vuln/detail/CVE-2025-40124
Affected packages
Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Affected ranges
- Type
- GIT
- Repo
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- Events
-
Introducedee841d0aff649164080e445e84885015958d8ff4Fixedfdd43fe6d286f27b826572457a89c926f97e2d3aFixed1198077606aeffb102587c6ea079ce99641c99d4Fixed1857cdca12c4aff58bf26a7005a4d02850c29927Fixed91eda032eb16e5d2be27c95584665bc555bb5a90Fixeddc766c4830a7e1e1ee9d7f77d4ab344f2eb23c8eFixed5ef9c94d7110e90260c06868cf1dcf899b9f25eeFixede50377c6b3f278c9f3ef017ffce17f5fcc9dace4Fixed47b49c06eb62504075f0f2e2227aee2e2c2a58b3
- Type
- GIT
- Repo
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedLast affected1c7e17b1c4d60cc5aa575460f7efb73686dd3b39Last affectedac663c54f40b2830b1ca32d1ae9d683fe248b14c
Linux / Kernel
Package
- Name
- Kernel
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced4.9.0Fixed5.4.301
- Type
- ECOSYSTEM
- Events
-
Introduced5.5.0Fixed5.10.246
- Type
- ECOSYSTEM
- Events
-
Introduced5.11.0Fixed5.15.195
- Type
- ECOSYSTEM
- Events
-
Introduced5.16.0Fixed6.1.156
- Type
- ECOSYSTEM
- Events
-
Introduced6.2.0Fixed6.6.112
- Type
- ECOSYSTEM
- Events
-
Introduced6.7.0Fixed6.12.53
- Type
- ECOSYSTEM
- Events
-
Introduced6.13.0Fixed6.17.3