User Read Access Vulnerability in Linux Kernel by Linux Foundation
CVE-2025-39716

Currently unrated

Key Information:

Vendor: Linux
Status: Linux
Vendor: CVE Published:; 5 September 2025

What is CVE-2025-39716?

A vulnerability has been identified in the Linux kernel that affects how user read access is managed. Specifically, the __get_user() function does not trigger read access interruptions due to the privilege level at which the kernel operates. This oversight allows for potential unauthorized access to read-protected addresses through system calls. To mitigate this risk, modifications have been made to ensure that read access rights are probed correctly at privilege level 3, preventing unauthorized access attempts and enhancing overall system security.

Affected Version(s)

Linux 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 < 28a9b71671fb4a2993ef85b8ef6f117ea63894fe

Linux 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 < 4c981077255acc2ed5b3df6e8dd0125c81b626a9

Linux 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2

References

https://git.kernel.org/stable/c/28a9b71671fb4a2993ef85b8e...

https://git.kernel.org/stable/c/4c981077255acc2ed5b3df6e8...

https://git.kernel.org/stable/c/f410ef9a032caf98117256b22...

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Sep 5, 2025
Vulnerability Reserved
Apr 16, 2025