Infinite Recursion Vulnerability in Linux Kernel ATM Module
CVE-2025-38459
Currently unrated
What is CVE-2025-38459?
A flaw in the ATM module of the Linux kernel allows for an infinite recursive call of the clip_push() function. This occurs when the ioctl(ATMARP_MKIP) command is issued multiple times, leading to improper handling of function pointers during socket operations. The vulnerability can cause a stack overflow due to excessive recursion and may impact system stability. Mitigations include implementing checks to prevent duplicate ioctl calls and utilizing locking mechanisms to avoid concurrent access issues.
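The failure mode and the duplicate-call check described above, as a simplified user-space model in C. This is an added example, not kernel code or the upstream patch; `struct conn`, `hook_push`, the `attach_*` functions and the save-and-chain handler layout are assumptions made for illustration, and a depth counter stands in for the finite kernel stack.

```c
#include <pthread.h>
#include <stdio.h>

#define DEPTH_LIMIT 64              /* model stand-in for the finite kernel stack */

struct conn;
typedef void (*push_fn)(struct conn *);
struct conn {                       /* hypothetical layout, not the kernel's */
    push_fn push;                   /* active receive handler */
    push_fn old_push;               /* handler saved when the hook is installed */
    int attached, depth, overflowed;
    pthread_mutex_t lock;
};

static void base_push(struct conn *c) { (void)c; }  /* original handler */

/* Hooked handler: does its work, then chains to the saved handler. */
static void hook_push(struct conn *c) {
    if (++c->depth > DEPTH_LIMIT) c->overflowed = 1; /* real code: stack overflow */
    else c->old_push(c);
    c->depth--;
}

/* Unguarded attach: a second call saves hook_push as old_push,
 * so hook_push ends up chaining to itself. */
static int attach_unguarded(struct conn *c) {
    c->old_push = c->push;
    c->push = hook_push;
    return 0;
}

/* Guarded attach: rejects a duplicate call; the check and the pointer
 * swap happen under one lock so concurrent callers cannot both pass. */
static int attach_guarded(struct conn *c) {
    int ret = -1;
    pthread_mutex_lock(&c->lock);
    if (!c->attached) {
        c->old_push = c->push; c->push = hook_push; c->attached = 1; ret = 0;
    }
    pthread_mutex_unlock(&c->lock);
    return ret;
}

/* Attach `calls` times, deliver once, report whether recursion ran away. */
static int overflows_after(int (*attach)(struct conn *), int calls) {
    struct conn c = { .push = base_push, .lock = PTHREAD_MUTEX_INITIALIZER };
    for (int i = 0; i < calls; i++) attach(&c);
    c.push(&c);
    return c.overflowed;
}

int main(void) { printf("unguarded x2: %d, guarded x2: %d\n", overflows_after(attach_unguarded, 2), overflows_after(attach_guarded, 2)); return 0; }
```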
Affected Version(s)
Linux 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2
Linux 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 < 125166347d5676466d368aadc0bbc31ee7714352
Linux 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 < 5641019dfbaee5e85fe093b590f0451c9dd4d6f8