{"id":"CVE-2025-39716","summary":"parisc: Revise __get_user() to probe user read access","details":"In the Linux kernel, the following vulnerability has been resolved:\n\nparisc: Revise __get_user() to probe user read access\n\nBecause of the way read access support is implemented, read access\ninterruptions are only triggered at privilege levels 2 and 3. The\nkernel executes at privilege level 0, so __get_user() never triggers\na read access interruption (code 26). Thus, it is currently possible\nfor user code to access a read protected address via a system call.\n\nFix this by probing read access rights at privilege level 3 (PRIV_USER)\nand setting __gu_err to -EFAULT (-14) if access isn't allowed.\n\nNote the cmpiclr instruction does a 32-bit compare because COND macro\ndoesn't work inside asm.","modified":"2026-04-16T04:42:17.716083950Z","published":"2025-09-05T17:21:23.429Z","database_specific":{"osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/39xxx/CVE-2025-39716.json","cna_assigner":"Linux"},"references":[{"type":"WEB","url":"https://git.kernel.org/stable/c/28a9b71671fb4a2993ef85b8ef6f117ea63894fe"},{"type":"WEB","url":"https://git.kernel.org/stable/c/4c981077255acc2ed5b3df6e8dd0125c81b626a9"},{"type":"WEB","url":"https://git.kernel.org/stable/c/741b163e440683195b8fd4fc8495fcd0105c6ab7"},{"type":"WEB","url":"https://git.kernel.org/stable/c/89f686a0fb6e473a876a9a60a13aec67a62b9a7e"},{"type":"WEB","url":"https://git.kernel.org/stable/c/f410ef9a032caf98117256b22139c31342d7bb06"},{"type":"WEB","url":"https://lists.debian.org/debian-lts-announce/2025/10/msg00008.html"},{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/39xxx/CVE-2025-39716.json"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2025-39716"},{"type":"PACKAGE","url":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","events":[{"introduced":"1da177e4c3f41524e886b7f1b8a0c1fc7321cac2"},{"fixed":"28a9b71671fb4a2993ef85b8ef6f117ea63894fe"},{"fixed":"4c981077255acc2ed5b3df6e8dd0125c81b626a9"},{"fixed":"f410ef9a032caf98117256b22139c31342d7bb06"},{"fixed":"741b163e440683195b8fd4fc8495fcd0105c6ab7"},{"fixed":"89f686a0fb6e473a876a9a60a13aec67a62b9a7e"}]}],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-39716.json"}}],"schema_version":"1.7.5"}