CVE-2025-38460

{"id": "CVE-2025-38460", "cveTags": [], "metrics": {}, "published": "2025-07-25T16:15:31.787", "references": [{"url": "https://git.kernel.org/stable/c/06935c50cfa3ac57cce80bba67b6d38ec1406e92", "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/3251ce3979f41bd228f77a7615f9dd616d06a110", "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/36caab990b69ef4eec1d81c52a19f080b7daa059", "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/706cc36477139c1616a9b2b96610a8bb520b7119", "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/70eac9ba7ce25d99c1d99bbf4ddb058940f631f9", "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/a4c5785feb979cd996a99cfaad8bf353b2e79301", "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/ee4d9e4ddf3f9c4ee2ec0a3aad6196ee36d30e57", "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/f58e4270c73e7f086322978d585ea67c8076ce49", "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}], "vulnStatus": "Awaiting Analysis", "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\natm: clip: Fix potential null-ptr-deref in to_atmarpd().\n\natmarpd is protected by RTNL since commit f3a0592b37b8 (\"[ATM]: clip\ncauses unregister hang\").\n\nHowever, it is not enough because to_atmarpd() is called without RTNL,\nespecially clip_neigh_solicit() / neigh_ops->solicit() is unsleepable.\n\nAlso, there is no RTNL dependency around atmarpd.\n\nLet's use a private mutex and RCU to protect access to atmarpd in\nto_atmarpd()."}, {"lang": "es", "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: atm: clip: Se corrige un posible error de referencia nulo en to_atmarpd(). atmarpd est\u00e1 protegido por RTNL desde el commit f3a0592b37b8 (\"[ATM]: clip provoca un bloqueo al cancelar el registro\"). Sin embargo, esto no es suficiente, ya que to_atmarpd() se llama sin RTNL, especialmente clip_neigh_solicit() / neigh_ops->solicit() no se puede suspender. Adem\u00e1s, atmarpd no depende de RTNL. Usemos un mutex privado y una RCU para proteger el acceso a atmarpd en to_atmarpd()."}], "lastModified": "2025-07-29T14:14:55.157", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}