CVE-2025-39716

5.5 MEDIUM

📋 TL;DR

CVE-2025-39716 is a privilege escalation vulnerability in the Linux kernel's parisc architecture implementation. The __get_user() function fails to validate read access rights at the correct privilege level, which allows user-space programs to bypass memory read protection. Systems running Linux kernels with parisc architecture support are affected.

💻 Affected Systems

Products:
  • Linux Kernel
Versions: Versions before the fix commits (specific versions depend on kernel distribution)
Operating Systems: Linux distributions with parisc architecture support
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects systems using parisc (PA-RISC) architecture. x86, ARM, and other architectures are not affected.

📦 What is this software?

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

⚠️ Risk & Real-World Impact

🔴 Worst Case

An attacker could read kernel memory or protected user-space memory, potentially leading to information disclosure, privilege escalation, or bypassing security boundaries.

🟠 Likely Case

Information disclosure from kernel or protected memory regions, potentially exposing sensitive data or system information.

🟢 If Mitigated

With proper access controls and kernel hardening, impact is limited to potential information disclosure from accessible memory regions.

🌐 Internet-Facing: LOW - Requires local access and specific parisc architecture, making remote exploitation unlikely.
🏢 Internal Only: MEDIUM - Local attackers could exploit this to escalate privileges or access protected memory on vulnerable parisc systems.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Exploitation requires local access and knowledge of parisc architecture specifics. No public exploits known at this time.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Kernel versions containing commits: 28a9b71671fb4a2993ef85b8ef6f117ea63894fe, 4c981077255acc2ed5b3df6e8dd0125c81b626a9, 741b163e440683195b8fd4fc8495fcd0105c6ab7, 89f686a0fb6e473a876a9a60a13aec67a62b9a7e, f410ef9a032caf98117256b22139c31342d7bb06

Vendor Advisory: https://git.kernel.org/stable/c/28a9b71671fb4a2993ef85b8ef6f117ea63894fe

Restart Required: Yes

Instructions:

1. Update Linux kernel to version containing the fix commits.
2. For distributions: Use package manager (apt/yum/dnf) to update kernel package.
3. Reboot system to load new kernel.

🔧 Temporary Workarounds

Restrict local user access

all

Limit access to systems with parisc architecture to trusted users only

🧯 If You Can't Patch

  • Implement strict access controls to limit local user privileges
  • Monitor systems for unusual memory access patterns or privilege escalation attempts

🔍 How to Verify

Check if Vulnerable:

Check the architecture and kernel version: run uname -a | grep -i parisc. If it prints a line, the system is parisc; then check whether the kernel version predates the fix commits.

Check Version:

uname -r

Verify Fix Applied:

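Verify that the running kernel includes one of the fix commits (for example 28a9b71671fb4a2993ef85b8ef6f117ea63894fe) by checking the distribution's kernel changelog or the kernel source. Grepping /boot/System.map* for the hash does not confirm the fix: System.map lists symbol addresses, not commit IDs.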
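
The verification steps above as an added shell example (not part of the original advisory and not kernel project code): it classifies a host from its uname -m value and kernel changelog text, reporting fixed when the changelog names the CVE or one of the fix commits listed under Official Fix. The function name, status strings and sample changelog are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: triage a host for CVE-2025-39716.
CVE_ID="CVE-2025-39716"

# Fix commits exactly as listed in this advisory.
FIX_COMMITS="28a9b71671fb4a2993ef85b8ef6f117ea63894fe
4c981077255acc2ed5b3df6e8dd0125c81b626a9
741b163e440683195b8fd4fc8495fcd0105c6ab7
89f686a0fb6e473a876a9a60a13aec67a62b9a7e
f410ef9a032caf98117256b22139c31342d7bb06"

# cve_2025_39716_status ARCH   (kernel changelog text on stdin)
# Prints one of: not-affected | fixed | unconfirmed
# (hypothetical helper; the status names are this example's own)
cve_2025_39716_status() {
    arch=$1
    case "$arch" in
        parisc*) ;;                          # matches parisc and parisc64
        *) echo "not-affected"; return 0 ;;  # the flaw is parisc-only
    esac
    log=$(cat)
    # Distribution changelogs usually cite the CVE ID directly.
    if printf '%s\n' "$log" | grep -q -F "$CVE_ID"; then
        echo "fixed"; return 0
    fi
    # Otherwise look for any fix commit; a 12-character prefix also
    # matches the abbreviated hashes changelogs often use.
    for c in $FIX_COMMITS; do
        short=$(printf '%s' "$c" | cut -c1-12)
        if printf '%s\n' "$log" | grep -q -i -F "$short"; then
            echo "fixed"; return 0
        fi
    done
    # No evidence of the fix: treat the host as still exposed.
    echo "unconfirmed"
}

# Constructed sample changelog entry (not from any real package).
SAMPLE_CHANGELOG="linux (0.0.0-1) unstable; urgency=medium
  * parisc: __get_user() read-access fix (commit 89f686a0fb6e)"

# Demo on the constructed sample; prints the status for a parisc64 host.
printf '%s\n' "$SAMPLE_CHANGELOG" | cve_2025_39716_status parisc64
```

On a real host, pipe the kernel package changelog into the function, for example rpm -q --changelog kernel | cve_2025_39716_status "$(uname -m)". A result of unconfirmed means the changelog gave no evidence of the fix, so the host should be handled as vulnerable until the kernel source is checked.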

📡 Detection & Monitoring

Log Indicators:

  • Kernel oops messages related to memory access violations
  • System call failures with EFAULT errors from user-space programs

Network Indicators:

  • None - this is a local vulnerability

SIEM Query:

source="kernel" AND ("segmentation fault" OR "page fault" OR "EFAULT") AND process="system_call"
