CVE-2025-38546
BaseFortify
Publication date: 2025-08-16
Last updated on: 2025-11-03
Assigner: kernel.org
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| linux | linux_kernel | 6.1.153-1 |
| linux | linux_kernel | 5.10.244-1 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-UNKNOWN |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is a memory leak in the Linux kernel's ATM (Asynchronous Transfer Mode) subsystem, specifically in the clip component. The issue arises because the code incorrectly assumes that a certain function (vcc->push) will be called with a NULL socket buffer (skb) when a socket is closed, which triggers freeing of allocated memory (struct clip_vcc). However, due to ioctl(ATMARPD_CTRL) setting vcc->push to NULL, this freeing does not happen, causing a memory leak. The fix involves serializing two ioctl calls and checking vcc->push to prevent the leak.
How can this vulnerability impact me? :
This vulnerability can lead to a memory leak in the Linux kernel, which over time could consume system memory unnecessarily. This may degrade system performance, cause instability, or potentially lead to denial of service if memory resources are exhausted.