Memory Leak in Linux Kernel ATM Component
CVE-2025-38546

Currently unrated

Key Information:

Vendor: Linux
Status: Linux
Vendor: CVE Published:; 16 August 2025

What is CVE-2025-38546?

A vulnerability in the Linux kernel's ATM subsystem leads to a memory leak involving the struct clip_vcc. This issue arises when the ioctl(ATMARP_MKIP) function allocates the struct clip_vcc and assumes that the corresponding socket closure procedure vcc_destroy_socket() will handle this correctly. However, a flaw in the implementation causes a situation where the vcc->push() is not reset correctly, resulting in a memory leak. To resolve this, the code should serialize two ioctl calls using lock_sock() and implement a check for vcc->push() during the initialization phase to prevent further memory leakage.

Affected Version(s)

Linux 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 < 2fb37ab3226606cbfc9b2b6f9e301b0b735734c5

Linux 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 < 9e4dbeee56f614e3f1e166e5d0655a999ea185ef

Linux 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 < 1c075e88d5859a2c6b43b27e0e46fb281cef8039

References

https://git.kernel.org/stable/c/2fb37ab3226606cbfc9b2b6f9...

https://git.kernel.org/stable/c/9e4dbeee56f614e3f1e166e5d...

https://git.kernel.org/stable/c/1c075e88d5859a2c6b43b27e0...

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Aug 16, 2025
Vulnerability Reserved
Apr 16, 2025