7.8

CVE-2025-38180

net: atm: fix /proc/net/atm/lec handling

In the Linux kernel, the following vulnerability has been resolved:

net: atm: fix /proc/net/atm/lec handling

/proc/net/atm/lec must ensure safety against dev_lec[] changes.

It appears it had dev_put() calls without prior dev_hold(),
leading to imbalance and UAF.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
LinuxLinux Kernel Version >= 2.6.13 < 5.4.295
LinuxLinux Kernel Version >= 5.5 < 5.10.239
LinuxLinux Kernel Version >= 5.11 < 5.15.186
LinuxLinux Kernel Version >= 5.16 < 6.1.142
LinuxLinux Kernel Version >= 6.2 < 6.6.95
LinuxLinux Kernel Version >= 6.7 < 6.12.35
LinuxLinux Kernel Version >= 6.13 < 6.15.4
LinuxLinux Kernel Version2.6.12 Update-
LinuxLinux Kernel Version2.6.12 Updaterc2
LinuxLinux Kernel Version2.6.12 Updaterc3
LinuxLinux Kernel Version2.6.12 Updaterc4
LinuxLinux Kernel Version2.6.12 Updaterc5
LinuxLinux Kernel Version6.16 Updaterc1
LinuxLinux Kernel Version6.16 Updaterc2
DebianDebian Linux Version11.0
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.17% 0.066
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 7.8 1.8 5.9
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CWE-416 Use After Free

The product reuses or references memory after it has been freed. At some point afterward, the memory may be allocated again and saved in another pointer, while the original pointer references a location somewhere within the new allocation. Any operations using the original pointer are no longer valid because the memory "belongs" to the code that operates on the new pointer.

https://git.kernel.org/stable/c/fcfccf56f4eba7d00aa2d33c7bb1b33083237742
Patch
https://git.kernel.org/stable/c/f2d1443b18806640abdb530e88009af7be2588e7
Patch
https://git.kernel.org/stable/c/ca3829c18c8d0ceb656605d3bff6bb3dfb078589
Patch
https://git.kernel.org/stable/c/e612c4b014f5808fbc6beae21f5ccaca5e76a2f8
Patch
https://git.kernel.org/stable/c/a5e3a144268899f1a8c445c8a3bfa15873ba85e8
Patch
https://git.kernel.org/stable/c/5fe1b23a2f87f43aeeac51e08819cbc6fd808cbc
Patch
https://git.kernel.org/stable/c/9b9aeb3ada44d8abea1e31e4446113f460848ae4
Patch
https://git.kernel.org/stable/c/d03b79f459c7935cff830d98373474f440bd03ae
Patch
https://lists.debian.org/debian-lts-announce/2025/10/msg00007.html
Third Party Advisory
https://lists.debian.org/debian-lts-announce/2025/10/msg00008.html
Third Party Advisory