CVE-2025-38460

Source
https://nvd.nist.gov/vuln/detail/CVE-2025-38460
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-38460.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2025-38460
Downstream
Related
Published
2025-07-25T16:15:31Z
Modified
2025-08-30T18:01:36Z
Summary
[none]
Details

In the Linux kernel, the following vulnerability has been resolved:

atm: clip: Fix potential null-ptr-deref in to_atmarpd().

atmarpd is protected by RTNL since commit f3a0592b37b8 ("[ATM]: clip causes unregister hang").

However, it is not enough because toatmarpd() is called without RTNL, especially clipneighsolicit() / neighops->solicit() is unsleepable.

Also, there is no RTNL dependency around atmarpd.

Let's use a private mutex and RCU to protect access to atmarpd in to_atmarpd().

References

Affected packages