CVE-2025-38546
MEDIUMCVSS Vector
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Lifecycle Timeline
3Description
In the Linux kernel, the following vulnerability has been resolved: atm: clip: Fix memory leak of struct clip_vcc. ioctl(ATMARP_MKIP) allocates struct clip_vcc and set it to vcc->user_back. The code assumes that vcc_destroy_socket() passes NULL skb to vcc->push() when the socket is close()d, and then clip_push() frees clip_vcc. However, ioctl(ATMARPD_CTRL) sets NULL to vcc->push() in atm_init_atmarp(), resulting in memory leak. Let's serialise two ioctl() by lock_sock() and check vcc->push() in atm_init_atmarp() to prevent memleak.
Analysis
In the Linux kernel, the following vulnerability has been resolved: atm: clip: Fix memory leak of struct clip_vcc. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.
Technical Context
This vulnerability is classified as Memory Leak (CWE-401), which allows attackers to exhaust available memory leading to denial of service. In the Linux kernel, the following vulnerability has been resolved: atm: clip: Fix memory leak of struct clip_vcc. ioctl(ATMARP_MKIP) allocates struct clip_vcc and set it to vcc->user_back. The code assumes that vcc_destroy_socket() passes NULL skb to vcc->push() when the socket is close()d, and then clip_push() frees clip_vcc. However, ioctl(ATMARPD_CTRL) sets NULL to vcc->push() in atm_init_atmarp(), resulting in memory leak. Let's serialise two ioctl() by lock_sock() and check vcc->push() in atm_init_atmarp() to prevent memleak. Affected products include: Linux Linux Kernel, Debian Debian Linux.
Affected Products
Linux Linux Kernel, Debian Debian Linux.
Remediation
A vendor patch is available. Apply the latest security update as soon as possible. Ensure all allocated memory is properly freed. Use RAII patterns or garbage-collected languages.
Priority Score
Vendor Status
Share
External POC / Exploit Code
Leaving vuln.today