CVE-2025-38460
Published: Jul 25, 2025
Modified: May 11, 2026
Description
In the Linux kernel, the following vulnerability has been resolved: atm: clip: Fix potential null-ptr-deref in to_atmarpd(). atmarpd is protected by RTNL since commit f3a0592b37b8 ("[ATM]: clip causes unregister hang"). However, it is not enough because to_atmarpd() is called without RTNL, especially clip_neigh_solicit() / neigh_ops->solicit() is unsleepable. Also, there is no RTNL dependency around atmarpd. Let's use a private mutex and RCU to protect access to atmarpd in to_atmarpd().
| Vendor | Product | Versions |
|---|---|---|
Linux | Linux | affected 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 - < a4c5785feb979cd996a99cfaad8bf353b2e79301affected 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 - < 70eac9ba7ce25d99c1d99bbf4ddb058940f631f9affected 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 - < 3251ce3979f41bd228f77a7615f9dd616d06a110affected 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 - < ee4d9e4ddf3f9c4ee2ec0a3aad6196ee36d30e57affected 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 - < 06935c50cfa3ac57cce80bba67b6d38ec1406e92+3 more versions |
Linux | Linux | affected 2.6.12unaffected 0 - < 2.6.12unaffected 5.4.296 - <= 5.4.*unaffected 5.10.240 - <= 5.10.*unaffected 5.15.189 - <= 5.15.*+5 more versions |
References
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now