CVE-2025-40124

*** Pendiente de traducción *** In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> sparc: fix accurate exception reporting in copy_{from_to}_user for UltraSPARC III<br /> <br /> Anthony Yznaga tracked down that a BUG_ON in ext4 code with large folios<br /> enabled resulted from copy_from_user() returning impossibly large values<br /> greater than the size to be copied. This lead to __copy_from_iter()<br /> returning impossible values instead of the actual number of bytes it was<br /> able to copy.<br /> <br /> The BUG_ON has been reported in<br /> https://lore.kernel.org/r/b14f55642207e63e907965e209f6323a0df6dcee.camel@physik.fu-berlin.de<br /> <br /> The referenced commit introduced exception handlers on user-space memory<br /> references in copy_from_user and copy_to_user. These handlers return from<br /> the respective function and calculate the remaining bytes left to copy<br /> using the current register contents. The exception handlers expect that<br /> %o2 has already been masked during the bulk copy loop, but the masking was<br /> performed after that loop. This will fix the return value of copy_from_user<br /> and copy_to_user in the faulting case. The behaviour of memcpy stays<br /> unchanged.