5.5

CVE-2025-38460

atm: clip: Fix potential null-ptr-deref in to_atmarpd().

In the Linux kernel, the following vulnerability has been resolved:

atm: clip: Fix potential null-ptr-deref in to_atmarpd().

atmarpd is protected by RTNL since commit f3a0592b37b8 ("[ATM]: clip
causes unregister hang").

However, it is not enough because to_atmarpd() is called without RTNL,
especially clip_neigh_solicit() / neigh_ops->solicit() is unsleepable.

Also, there is no RTNL dependency around atmarpd.

Let's use a private mutex and RCU to protect access to atmarpd in
to_atmarpd().
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
LinuxLinux Kernel Version >= 2.6.13 < 5.4.296
LinuxLinux Kernel Version >= 5.5 < 5.10.240
LinuxLinux Kernel Version >= 5.11 < 5.15.189
LinuxLinux Kernel Version >= 5.16 < 6.1.146
LinuxLinux Kernel Version >= 6.2 < 6.6.99
LinuxLinux Kernel Version >= 6.7 < 6.12.39
LinuxLinux Kernel Version >= 6.13 < 6.15.7
LinuxLinux Kernel Version2.6.12 Update-
LinuxLinux Kernel Version2.6.12 Updaterc2
LinuxLinux Kernel Version2.6.12 Updaterc3
LinuxLinux Kernel Version2.6.12 Updaterc4
LinuxLinux Kernel Version2.6.12 Updaterc5
LinuxLinux Kernel Version6.16 Updaterc1
LinuxLinux Kernel Version6.16 Updaterc2
LinuxLinux Kernel Version6.16 Updaterc3
LinuxLinux Kernel Version6.16 Updaterc4
LinuxLinux Kernel Version6.16 Updaterc5
DebianDebian Linux Version11.0
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.16% 0.057
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 5.5 1.8 3.6
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CWE-476 NULL Pointer Dereference

The product dereferences a pointer that it expects to be valid but is NULL.

https://git.kernel.org/stable/c/06935c50cfa3ac57cce80bba67b6d38ec1406e92
Patch
https://git.kernel.org/stable/c/3251ce3979f41bd228f77a7615f9dd616d06a110
Patch
https://git.kernel.org/stable/c/36caab990b69ef4eec1d81c52a19f080b7daa059
Patch
https://git.kernel.org/stable/c/706cc36477139c1616a9b2b96610a8bb520b7119
Patch
https://git.kernel.org/stable/c/70eac9ba7ce25d99c1d99bbf4ddb058940f631f9
Patch
https://git.kernel.org/stable/c/a4c5785feb979cd996a99cfaad8bf353b2e79301
Patch
https://git.kernel.org/stable/c/ee4d9e4ddf3f9c4ee2ec0a3aad6196ee36d30e57
Patch
https://git.kernel.org/stable/c/f58e4270c73e7f086322978d585ea67c8076ce49
Patch
https://lists.debian.org/debian-lts-announce/2025/10/msg00007.html
Third Party Advisory
https://lists.debian.org/debian-lts-announce/2025/10/msg00008.html
Third Party Advisory