Null Pointer Dereference Vulnerability in Linux Kernel ATM Module
CVE-2025-38460

Currently unrated

Key Information:

Vendor: Linux
Status: Linux
Vendor: CVE Published:; 25 July 2025

What is CVE-2025-38460?

A vulnerability exists in the Linux kernel's ATM module, specifically related to the atmarpd function. The issue arises when to_atmarpd() is called without proper RTNL (Route Networking Lock) protection, which can lead to potential null pointer dereference during operations such as clip_neigh_solicit(). This improper handling can manifest vulnerabilities in network stability and security. A fix was introduced to utilize a private mutex and RCU (Read-Copy-Update) for appropriate synchronization and protection around atmarpd, aiming to mitigate these risks.

Affected Version(s)

Linux 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2

Linux 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 < 70eac9ba7ce25d99c1d99bbf4ddb058940f631f9

Linux 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 < 3251ce3979f41bd228f77a7615f9dd616d06a110

References

https://git.kernel.org/stable/c/a4c5785feb979cd996a99cfaa...

https://git.kernel.org/stable/c/70eac9ba7ce25d99c1d99bbf4...

https://git.kernel.org/stable/c/3251ce3979f41bd228f77a761...

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jul 25, 2025
Vulnerability Reserved
Apr 16, 2025