CVE-2025-39715
Severity CVSS v4.0:
Pending analysis
Type:
Unavailable / Other
Publication date:
05/09/2025
Last modified:
03/11/2025
Description
In the Linux kernel, the following vulnerability has been resolved:<br />
<br />
parisc: Revise gateway LWS calls to probe user read access<br />
<br />
We use load and stbys,e instructions to trigger memory reference<br />
interruptions without writing to memory. Because of the way read<br />
access support is implemented, read access interruptions are only<br />
triggered at privilege levels 2 and 3. The kernel and gateway<br />
page execute at privilege level 0, so this code never triggers<br />
a read access interruption. Thus, it is currently possible for<br />
user code to execute a LWS compare and swap operation at an<br />
address that is read protected at privilege level 3 (PRIV_USER).<br />
<br />
Fix this by probing read access rights at privilege level 3 and<br />
branching to lws_fault if access isn&#39;t allowed.
Impact
References to Advisories, Solutions, and Tools
- https://git.kernel.org/stable/c/8bccf47adbf658293528e86960e6d6f736b1c9f7
- https://git.kernel.org/stable/c/9b6af875baba9c4679b55f4561e201485451305f
- https://git.kernel.org/stable/c/bc0a24c24ceebabb5ba65900e332233d79e625e6
- https://git.kernel.org/stable/c/e8b496c52aa0c6572d88db7cab85aeea6f9c194d
- https://git.kernel.org/stable/c/f6334f4ae9a4e962ba74b026e1d965dfdf8cbef8
- https://lists.debian.org/debian-lts-announce/2025/10/msg00008.html