AZL-73578

See a problem?
Import Source
https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-73578.json
JSON Data
https://api.test.osv.dev/v1/vulns/AZL-73578
Upstream
Published
2025-08-16T12:15:30Z
Modified
2026-04-01T05:22:18.636023Z
Summary
CVE-2025-38546 affecting package kernel for versions less than 5.15.200.1-1
Details

In the Linux kernel, the following vulnerability has been resolved:

atm: clip: Fix memory leak of struct clip_vcc.

ioctl(ATMARPMKIP) allocates struct clipvcc and set it to vcc->user_back.

The code assumes that vccdestroysocket() passes NULL skb to vcc->push() when the socket is close()d, and then clippush() frees clipvcc.

However, ioctl(ATMARPDCTRL) sets NULL to vcc->push() in atminit_atmarp(), resulting in memory leak.

Let's serialise two ioctl() by locksock() and check vcc->push() in atminit_atmarp() to prevent memleak.

References

Affected packages

Azure Linux:2 / kernel

Package

Name
kernel
Purl
pkg:rpm/azure-linux/kernel

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
5.15.200.1-1

Database specific

source 
"https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-73578.json"