NULL Pointer Dereference in Linux Kernel's ATM Component
CVE-2025-38458

Currently unrated

Key Information:

Vendor: Linux
Status: Linux
Vendor: CVE Published:; 25 July 2025

What is CVE-2025-38458?

A vulnerability has been identified in the ATM component of the Linux kernel, specifically related to the handling of messages in the vcc_sendmsg function. This flaw could result in a NULL pointer dereference when the necessary send method is not properly implemented, leading to potential system crashes. It’s essential for system administrators and developers to apply available patches to mitigate this risk.

Affected Version(s)

Linux 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 < 9ec7e943aee5c28c173933f9defd40892fb3be3d

Linux 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2

Linux 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 < 7f1cad84ac1a6af42d9d57e879de47ce37995024

References

https://git.kernel.org/stable/c/9ec7e943aee5c28c173933f9d...

https://git.kernel.org/stable/c/a16fbe6087e91c8e7c4aa50e1...

https://git.kernel.org/stable/c/7f1cad84ac1a6af42d9d57e87...

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jul 25, 2025
Vulnerability Reserved
Apr 16, 2025