CVE-2025-40126
CVE-2025-40126 is a security vulnerability that is still awaiting full analysis and scoring. It is not currently listed as actively exploited by CISA, and its EPSS exploit-prediction score is low.
Key facts
- EPSS exploit prediction: 0% (9th percentile)
- Actively exploited: Not listed in CISA KEV
- EU (EUVD) id: EUVD-2025-124957
- Published:
- Last modified:
Description
In the Linux kernel, the following vulnerability has been resolved: sparc: fix accurate exception reporting in copy_{from_to}_user for UltraSPARC The referenced commit introduced exception handlers on user-space memory references in copy_from_user and copy_to_user. These handlers return from the respective function and calculate the remaining bytes left to copy using the current register contents. This commit fixes a couple of bad calculations. This will fix the return value of copy_from_user and copy_to_user in the faulting case. The behaviour of memcpy stays unchanged.
Frequently asked questions
- What is CVE-2025-40126?
- In the Linux kernel, the following vulnerability has been resolved: sparc: fix accurate exception reporting in copy_{from_to}_user for UltraSPARC The referenced commit introduced exception handlers on user-space memory references in copy_from_user and copy_to_user. These handlers return from the respective function and calculate the remaining bytes left to copy using the current register contents. This commit fixes a couple of bad calculations. This will fix the return value of copy_from_user and copy_to_user in the faulting case. The behaviour of memcpy stays unchanged.
- Is CVE-2025-40126 being actively exploited?
- It is not currently listed in CISA's KEV catalog. Its EPSS exploit-prediction score is 0% (9th percentile), an estimate of the probability of exploitation in the next 30 days.
- How do I fix CVE-2025-40126?
- Review the linked vendor and NVD advisories for patched versions and mitigations, then upgrade or apply the recommended workaround.
- Does CVE-2025-40126 have an EU (EUVD) identifier?
- Yes. CVE-2025-40126 is tracked in the ENISA EU Vulnerability Database (EUVD) as EUVD-2025-124957.
- When was CVE-2025-40126 published?
- CVE-2025-40126 was published on 2025-11-12 and last updated on 2026-06-17.
References
- https://git.kernel.org/stable/c/0bf3dc3a2156f1c5ddaba4b85d09767874634114
- https://git.kernel.org/stable/c/41c18baee66134e6ef786eb075c1b6adb22432b0
- https://git.kernel.org/stable/c/4fba1713001195e59cfc001ff1f2837dab877efb
- https://git.kernel.org/stable/c/57c278500fce3cd4e1c540700c0b05426a958393
- https://git.kernel.org/stable/c/59424dc0d0e044b2eb007686a4724ddd91d57db5
- https://git.kernel.org/stable/c/674ff598148a28bae0b5372339de56f2abf0b1d1
- https://git.kernel.org/stable/c/7de3a75bbc8465d816336c74d50109e73501efab
- https://git.kernel.org/stable/c/9b137f277cc3297044aabd950f589e505d30104c