CVE-2025-38546
Published: Aug 16, 2025
Modified: May 11, 2026
Description
In the Linux kernel, the following vulnerability has been resolved: atm: clip: Fix memory leak of struct clip_vcc. ioctl(ATMARP_MKIP) allocates struct clip_vcc and set it to vcc->user_back. The code assumes that vcc_destroy_socket() passes NULL skb to vcc->push() when the socket is close()d, and then clip_push() frees clip_vcc. However, ioctl(ATMARPD_CTRL) sets NULL to vcc->push() in atm_init_atmarp(), resulting in memory leak. Let's serialise two ioctl() by lock_sock() and check vcc->push() in atm_init_atmarp() to prevent memleak.
| Vendor | Product | Versions |
|---|---|---|
Linux | Linux | affected 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 - < 2fb37ab3226606cbfc9b2b6f9e301b0b735734c5affected 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 - < 9e4dbeee56f614e3f1e166e5d0655a999ea185efaffected 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 - < 1c075e88d5859a2c6b43b27e0e46fb281cef8039affected 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 - < 0c17ff462d98c997d707ee5cf4e4a9b1b52b9d90affected 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 - < 1fb9fb5a4b5cec2d56e26525ef8c519de858fa60+3 more versions |
Linux | Linux | affected 2.6.12unaffected 0 - < 2.6.12unaffected 5.4.296 - <= 5.4.*unaffected 5.10.240 - <= 5.10.*unaffected 5.15.189 - <= 5.15.*+5 more versions |
References
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now