{"id":"CVE-2025-39716","summary":"parisc: Revise __get_user() to probe user read access","details":"In the Linux kernel, the following vulnerability has been resolved:\n\nparisc: Revise __get_user() to probe user read access\n\nBecause of the way read access support is implemented, read access\ninterruptions are only triggered at privilege levels 2 and 3. The\nkernel executes at privilege level 0, so __get_user() never triggers\na read access interruption (code 26). Thus, it is currently possible\nfor user code to access a read protected address via a system call.\n\nFix this by probing read access rights at privilege level 3 (PRIV_USER)\nand setting __gu_err to -EFAULT (-14) if access isn't allowed.\n\nNote the cmpiclr instruction does a 32-bit compare because COND macro\ndoesn't work inside asm.","modified":"2026-05-15T11:54:16.860947043Z","published":"2025-09-05T17:21:23.429Z","database_specific":{"osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/39xxx/CVE-2025-39716.json","cna_assigner":"Linux"},"references":[{"type":"WEB","url":"https://cert-portal.siemens.com/productcert/html/ssa-032379.html"},{"type":"WEB","url":"https://git.kernel.org/stable/c/28a9b71671fb4a2993ef85b8ef6f117ea63894fe"},{"type":"WEB","url":"https://git.kernel.org/stable/c/4c981077255acc2ed5b3df6e8dd0125c81b626a9"},{"type":"WEB","url":"https://git.kernel.org/stable/c/741b163e440683195b8fd4fc8495fcd0105c6ab7"},{"type":"WEB","url":"https://git.kernel.org/stable/c/89f686a0fb6e473a876a9a60a13aec67a62b9a7e"},{"type":"WEB","url":"https://git.kernel.org/stable/c/f410ef9a032caf98117256b22139c31342d7bb06"},{"type":"WEB","url":"https://lists.debian.org/debian-lts-announce/2025/10/msg00008.html"},{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/39xxx/CVE-2025-39716.json"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2025-39716"},{"type":"PACKAGE","url":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git"}],"affected":[{"package":{"name":"Kernel","ecosystem":"Linux"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"2.6.12"},{"fixed":"6.1.149"}]},{"type":"ECOSYSTEM","events":[{"introduced":"6.2.0"},{"fixed":"6.6.103"}]},{"type":"ECOSYSTEM","events":[{"introduced":"6.7.0"},{"fixed":"6.12.44"}]},{"type":"ECOSYSTEM","events":[{"introduced":"6.13.0"},{"fixed":"6.16.4"}]}],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-39716.json"}}],"schema_version":"1.7.5"}