CVE-2025-39715— parisc: Revise gateway LWS calls to probe user read access
Affected Version Matrix 12
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Linux | Linux | d0585d742ff2d82accd26c661c60a6d260429c4a< e8b496c52aa0c6572d88db7cab85aeea6f9c194d | affected |
d0585d742ff2d82accd26c661c60a6d260429c4a< 8bccf47adbf658293528e86960e6d6f736b1c9f7 | affected | ||
d0585d742ff2d82accd26c661c60a6d260429c4a< bc0a24c24ceebabb5ba65900e332233d79e625e6 | affected | ||
d0585d742ff2d82accd26c661c60a6d260429c4a< 9b6af875baba9c4679b55f4561e201485451305f | affected | ||
d0585d742ff2d82accd26c661c60a6d260429c4a< f6334f4ae9a4e962ba74b026e1d965dfdf8cbef8 | affected | ||
5.17 | affected | ||
< 5.17 | unaffected | ||
6.1.149≤ 6.1.* | unaffected | ||
| … +4 more rows | |||
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2025-39715
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
parisc: Revise gateway LWS calls to probe user read access
Source: NVD (National Vulnerability Database)
Vulnerability Description
In the Linux kernel, the following vulnerability has been resolved: parisc: Revise gateway LWS calls to probe user read access We use load and stbys,e instructions to trigger memory reference interruptions without writing to memory. Because of the way read access support is implemented, read access interruptions are only triggered at privilege levels 2 and 3. The kernel and gateway page execute at privilege level 0, so this code never triggers a read access interruption. Thus, it is currently possible for user code to execute a LWS compare and swap operation at an address that is read protected at privilege level 3 (PRIV_USER). Fix this by probing read access rights at privilege level 3 and branching to lws_fault if access isn't allowed.
Source: NVD (National Vulnerability Database)
CVSS Information
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Type
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Title
Linux kernel 安全漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Linux kernel是美国Linux基金会的开源操作系统Linux所使用的内核。 Linux kernel存在安全漏洞,该漏洞源于未正确探测用户读取权限,可能导致特权提升。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
II. Public POCs for CVE-2025-39715
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2025-39715
请登录查看更多情报信息。
Same Patch Batch · Linux · 2025-09-05 · 60 CVEs total
| CVE-2025-39706 | drm/amdkfd: Destroy KFD debugfs after destroy KFD wq | |
| CVE-2025-39725 | mm/vmscan: fix hwpoisoned large folio handling in shrink_folio_list | |
| CVE-2025-39722 | crypto: caam - Prevent crash on suspend with iMX8QM / iMX8ULP | |
| CVE-2025-39721 | crypto: qat - flush misc workqueue during device shutdown | |
| CVE-2025-39720 | ksmbd: fix refcount leak causing resource not released | |
| CVE-2025-39723 | netfs: Fix unbuffered write error handling | |
| CVE-2025-39710 | media: venus: Add a check for packet size after reading from shared memory | |
| CVE-2025-39709 | media: venus: protect against spurious interrupts during probe | |
| CVE-2025-39708 | media: iris: Fix NULL pointer dereference | |
| CVE-2025-39707 | drm/amdgpu: check if hubbub is NULL in debugfs/amdgpu_dm_capabilities | |
| CVE-2025-39711 | media: ivsc: Fix crash at shutdown due to missing mei_cldev_disable() calls | |
| CVE-2025-39705 | drm/amd/display: fix a Null pointer dereference vulnerability | |
| CVE-2025-39704 | LoongArch: KVM: Fix stack protector issue in send_ipi_data() | |
| CVE-2025-39703 | net, hsr: reject HSR frame if skb can't hold tag | |
| CVE-2025-39702 | ipv6: sr: Fix MAC comparison to be constant-time | |
| CVE-2025-39701 | ACPI: pfr_update: Fix the driver update version check | |
| CVE-2025-39700 | mm/damon/ops-common: ignore migration request to invalid nodes | |
| CVE-2025-39699 | iommu/riscv: prevent NULL deref in iova_to_phys | |
| CVE-2025-39698 | io_uring/futex: ensure io_futex_wait() cleans up properly on failure | |
| CVE-2025-39697 | NFS: Fix a race when updating an existing write |
Showing top 20 of 60 CVEs. View all on vendor page → →
IV. Related Vulnerabilities
Same product: Linux
- CVE-2026-46333
ptrace: slightly saner 'get_dumpable()' logic - CVE-2026-43490
ksmbd: validate inherited ACE SID length - CVE-2026-43489
liveupdate: luo_file: remember retrieve() status - CVE-2026-43487
ata: libata-core: Disable LPM on ST1000DM010-2EP102 - CVE-2026-43488
usb: xhci: Prevent interrupt storm on host controller error
Same vendor: Linux
- CVE-2026-46333
ptrace: slightly saner 'get_dumpable()' logic - CVE-2026-43490
ksmbd: validate inherited ACE SID length - CVE-2026-43489
liveupdate: luo_file: remember retrieve() status - CVE-2026-43487
ata: libata-core: Disable LPM on ST1000DM010-2EP102 - CVE-2026-43488
usb: xhci: Prevent interrupt storm on host controller error
V. Comments for CVE-2025-39715
No comments yet