Linux Kernel NULL Dereference Vulnerability in ATM Clip Driver
CVE-2025-38251

Currently unrated

Key Information:

Vendor: Linux
Status: Linux
Vendor: CVE Published:; 9 July 2025

What is CVE-2025-38251?

A vulnerability in the ATM clip driver of the Linux kernel allows a NULL dereference, potentially causing system crashes. This issue arises when the function clip_push() is called with a NULL socket buffer, leading to a failure in reading skb->truesize if the device list is also NULL. The flaw has been addressed in recent commits, ensuring enhanced stability and performance in handling ATM devices.

Affected Version(s)

Linux 93a2014afbace907178afc3c9c1e62c9a338595a < 88c88f91f4b3563956bb52e7a71a3640f7ece157

Linux 93a2014afbace907178afc3c9c1e62c9a338595a < 3c709dce16999bf6a1d2ce377deb5dd6fdd8cb08

Linux 93a2014afbace907178afc3c9c1e62c9a338595a

References

https://git.kernel.org/stable/c/88c88f91f4b3563956bb52e7a...

https://git.kernel.org/stable/c/3c709dce16999bf6a1d2ce377...

https://git.kernel.org/stable/c/a07005a77b18ae59b8471e7e4...

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jul 9, 2025
Vulnerability Reserved
Apr 16, 2025