U.S. flag   An official website of the United States government
Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Https

Secure .gov websites use HTTPS
A lock (Dot gov) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.

National Vulnerability Database

National Vulnerability Database

NVD

National Vulnerability Database
  1. Vulnerabilities

CVE-2025-40124 Detail

Description

In the Linux kernel, the following vulnerability has been resolved: sparc: fix accurate exception reporting in copy_{from_to}_user for UltraSPARC III Anthony Yznaga tracked down that a BUG_ON in ext4 code with large folios enabled resulted from copy_from_user() returning impossibly large values greater than the size to be copied. This lead to __copy_from_iter() returning impossible values instead of the actual number of bytes it was able to copy. The BUG_ON has been reported in https://lore.kernel.org/r/b14f55642207e63e907965e209f6323a0df6dcee.camel@physik.fu-berlin.de The referenced commit introduced exception handlers on user-space memory references in copy_from_user and copy_to_user. These handlers return from the respective function and calculate the remaining bytes left to copy using the current register contents. The exception handlers expect that %o2 has already been masked during the bulk copy loop, but the masking was performed after that loop. This will fix the return value of copy_from_user and copy_to_user in the faulting case. The behaviour of memcpy stays unchanged.


Metrics

NVD enrichment efforts reference publicly available information to associate vector strings. CVSS information contributed by other sources is also displayed.
CVSS 4.0 Severity and Vector Strings:

NIST CVSS score
NIST: NVD
N/A
NVD assessment not yet provided.

References to Advisories, Solutions, and Tools

By selecting these links, you will be leaving NIST webspace. We have provided these links to other web sites because they may have information that would be of interest to you. No inferences should be drawn on account of other sites being referenced, or not, from this page. There may be other web sites that are more appropriate for your purpose. NIST does not necessarily endorse the views expressed, or concur with the facts presented on these sites. Further, NIST does not endorse any commercial products that may be mentioned on these sites. Please address comments about this page to [email protected].

URL Source(s) Tag(s)
https://git.kernel.org/stable/c/1198077606aeffb102587c6ea079ce99641c99d4 kernel.org
https://git.kernel.org/stable/c/1857cdca12c4aff58bf26a7005a4d02850c29927 kernel.org
https://git.kernel.org/stable/c/47b49c06eb62504075f0f2e2227aee2e2c2a58b3 kernel.org
https://git.kernel.org/stable/c/5ef9c94d7110e90260c06868cf1dcf899b9f25ee kernel.org
https://git.kernel.org/stable/c/91eda032eb16e5d2be27c95584665bc555bb5a90 kernel.org
https://git.kernel.org/stable/c/dc766c4830a7e1e1ee9d7f77d4ab344f2eb23c8e kernel.org
https://git.kernel.org/stable/c/e50377c6b3f278c9f3ef017ffce17f5fcc9dace4 kernel.org
https://git.kernel.org/stable/c/fdd43fe6d286f27b826572457a89c926f97e2d3a kernel.org

Weakness Enumeration

CWE-ID CWE Name Source

Change History

1 change records found show changes

Quick Info

CVE Dictionary Entry:
CVE-2025-40124
NVD Published Date:
11/12/2025
NVD Last Modified:
11/12/2025
Source:
kernel.org