CVE-2025-38460
Analyzed Analyzed - Analysis Complete
BaseFortify

Publication date: 2025-07-25

Last updated on: 2025-12-22

Assigner: kernel.org

Description
In the Linux kernel, the following vulnerability has been resolved: atm: clip: Fix potential null-ptr-deref in to_atmarpd(). atmarpd is protected by RTNL since commit f3a0592b37b8 ("[ATM]: clip causes unregister hang"). However, it is not enough because to_atmarpd() is called without RTNL, especially clip_neigh_solicit() / neigh_ops->solicit() is unsleepable. Also, there is no RTNL dependency around atmarpd. Let's use a private mutex and RCU to protect access to atmarpd in to_atmarpd().
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-07-25
Last Modified
2025-12-22
Generated
2026-05-07
AI Q&A
2025-07-25
EPSS Evaluated
2026-05-05
NVD
CVE-2025-38460
Affected Vendors & Products
Showing 18 associated CPEs
Vendor Product Version / Range
linux linux_kernel From 2.6.13 (inc) to 5.4.296 (exc)
linux linux_kernel From 5.5 (inc) to 5.10.240 (exc)
linux linux_kernel From 5.11 (inc) to 5.15.189 (exc)
linux linux_kernel From 5.16 (inc) to 6.1.146 (exc)
linux linux_kernel From 6.2 (inc) to 6.6.99 (exc)
linux linux_kernel From 6.7 (inc) to 6.12.39 (exc)
linux linux_kernel From 6.13 (inc) to 6.15.7 (exc)
linux linux_kernel 2.6.12
linux linux_kernel 2.6.12
linux linux_kernel 2.6.12
linux linux_kernel 2.6.12
linux linux_kernel 2.6.12
linux linux_kernel 6.16
linux linux_kernel 6.16
linux linux_kernel 6.16
linux linux_kernel 6.16
linux linux_kernel 6.16
debian debian_linux 11.0
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-476 The product dereferences a pointer that it expects to be valid but is NULL.
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?

This vulnerability is a potential null pointer dereference in the Linux kernel function to_atmarpd(), related to the atm: clip component. The issue arises because to_atmarpd() is called without proper RTNL (routing netlink) locking, especially in unsleepable contexts like clip_neigh_solicit() and neigh_ops->solicit(). The lack of synchronization can lead to a null pointer dereference, which has been addressed by introducing a private mutex and RCU (Read-Copy-Update) to protect access to atmarpd in to_atmarpd().


How can this vulnerability impact me? :

This vulnerability can cause a null pointer dereference in the Linux kernel, which may lead to kernel crashes or system instability. Such crashes can result in denial of service conditions, affecting the availability of systems running vulnerable versions of the Linux kernel.


Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70
EPSS Chart