CVE-2025-39716
BaseFortify
Publication date: 2025-09-05
Last updated on: 2025-11-03
Assigner: kernel.org
Description
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| linux | linux_kernel | 6.1.153-1 |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-UNKNOWN | |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability exists in the Linux kernel's parisc architecture where the __get_user() function does not properly check read access permissions at the correct privilege level. Because read access interruptions are only triggered at privilege levels 2 and 3, and the kernel runs at privilege level 0, __get_user() fails to trigger a read access interruption when user code tries to read protected memory addresses via a system call. This allows user code to access read-protected addresses improperly. The fix involves probing read access rights at privilege level 3 and returning an error if access is not allowed.
How can this vulnerability impact me?
This vulnerability can allow user-level code to read memory addresses that should be protected, potentially exposing sensitive kernel memory contents or other protected data. This unauthorized read access could lead to information disclosure or other security issues depending on what data is accessed.
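
The check and its fix can be followed in a simplified user-space C model, added here as an illustration; it is not kernel source or the actual patch. The two-page memory, the read_faults rule (taken from the explanation above) and the names get_user_unchecked and get_user_probed are assumptions made for the model.

```c
#include <errno.h>
#include <stddef.h>
#include <stdio.h>

/* Simplified model (assumption): not PA-RISC hardware or Linux source. */
enum { PL_KERNEL = 0, PL_USER = 3 };

struct page {
    int user_readable;   /* 0 = read-protected for user code */
    long value;
};

/* Constructed sample memory: page 0 is user-readable, page 1 is not. */
static struct page mem[] = { { 1, 1234 }, { 0, 0x5ec2e7 } };
#define NPAGES (sizeof(mem) / sizeof(mem[0]))

/* Per the explanation: a read access interruption is raised only at
 * privilege levels 2 and 3, so a load issued at level 0 never faults. */
static int read_faults(int pl, size_t idx)
{
    return idx >= NPAGES || (pl >= 2 && !mem[idx].user_readable);
}

/* Before the fix: the load runs at the kernel's level and is never stopped. */
static int get_user_unchecked(long *dst, size_t idx)
{
    if (read_faults(PL_KERNEL, idx))
        return -EFAULT;
    *dst = mem[idx].value;
    return 0;
}

/* After the fix: probe read rights at level 3, then do the kernel load. */
static int get_user_probed(long *dst, size_t idx)
{
    if (read_faults(PL_USER, idx))
        return -EFAULT;          /* caller would not be allowed to read */
    return get_user_unchecked(dst, idx);
}

int main(void)
{
    long v = 0;
    printf("unchecked, protected page: %d\n", get_user_unchecked(&v, 1));
    printf("probed, protected page:    %d\n", get_user_probed(&v, 1));
    printf("probed, readable page:     %d\n", get_user_probed(&v, 0));
    return 0;
}
```
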