Memory Access Vulnerability in Linux Kernel Affects Multiple Architectures

CVE-2025-39715

What is CVE-2025-39715?

In the Linux kernel, a vulnerability has been identified where user code can exploit improper read access handling during LWS operations. Specifically, the vulnerability arises from the inability to trigger read access interruptions at privilege levels 2 and 3 due to the kernel and gateway page executing at privilege level 0. As a result, it allows unauthorized execution of compare and swap operations at addresses that should be read-protected. The fix involves enhancing the probing of read access rights at privilege level 3, ensuring any access violations are properly handled. This vulnerability highlights the importance of rigorous access control in memory operations to prevent potential exploitation by malicious actors.

References