CVE-2025-39715
BaseFortify
Publication date: 2025-09-05
Last updated on: 2025-11-03
Assigner: kernel.org
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| linux | linux_kernel | 6.1.153 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-UNKNOWN |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability in the Linux kernel's parisc architecture involves improper handling of read access interruptions. Specifically, user code can execute a load-with-store-conditional (LWS) compare and swap operation at an address that should be read-protected at user privilege level (level 3). This happens because the kernel only triggers read access interruptions at privilege levels 2 and 3, but the kernel and gateway page run at privilege level 0, so the protection is bypassed. The fix involves checking read access rights at privilege level 3 and branching to a fault handler if access is not allowed.
How can this vulnerability impact me? :
This vulnerability could allow user-level code to perform operations on memory addresses that should be protected, potentially leading to unauthorized memory access or manipulation. This could compromise system security by allowing escalation of privileges or bypassing memory protection mechanisms.