CVE-2025-38458 in Linux

Summary

by MITRE • 07/25/2025

In the Linux kernel, the following vulnerability has been resolved:

atm: clip: Fix NULL pointer dereference in vcc_sendmsg()

atmarpd_dev_ops does not implement the send method, which may cause a crash as below.

BUG: kernel NULL pointer dereference, address: 0000000000000000
PGD 0 P4D 0
Oops: Oops: 0010 [#1] SMP KASAN NOPTI
CPU: 0 UID: 0 PID: 5324 Comm: syz.0.0 Not tainted 6.15.0-rc6-syzkaller-00346-g5723cc3450bc #0 PREEMPT(full)
Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
RIP: 0010:0x0
Code: Unable to access opcode bytes at 0xffffffffffffffd6.
RSP: 0018:ffffc9000d3cf778 EFLAGS: 00010246
RAX: 1ffffffff1910dd1 RBX: 00000000000000c0 RCX: dffffc0000000000
RDX: ffffc9000dc82000 RSI: ffff88803e4c4640 RDI: ffff888052cd0000
RBP: ffffc9000d3cf8d0 R08: ffff888052c9143f R09: 1ffff1100a592287
R10: dffffc0000000000 R11: 0000000000000000 R12: 1ffff92001a79f00
R13: ffff888052cd0000 R14: ffff88803e4c4640 R15: ffffffff8c886e88
FS: 00007fbc762566c0(0000) GS:ffff88808d6c2000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: ffffffffffffffd6 CR3: 0000000041f1b000 CR4: 0000000000352ef0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
 <TASK>
 vcc_sendmsg+0xa10/0xc50 net/atm/common.c:644
 sock_sendmsg_nosec net/socket.c:712 [inline]
 __sock_sendmsg+0x219/0x270 net/socket.c:727
 ____sys_sendmsg+0x52d/0x830 net/socket.c:2566
 ___sys_sendmsg+0x21f/0x2a0 net/socket.c:2620
 __sys_sendmmsg+0x227/0x430 net/socket.c:2709
 __do_sys_sendmmsg net/socket.c:2736 [inline]
 __se_sys_sendmmsg net/socket.c:2733 [inline]
 __x64_sys_sendmmsg+0xa0/0xc0 net/socket.c:2733
 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
 do_syscall_64+0xf6/0x210 arch/x86/entry/syscall_64.c:94
 entry_SYSCALL_64_after_hwframe+0x77/0x7f


Analysis

by VulDB Data Team • 01/04/2026

The vulnerability identified as CVE-2025-38458 represents a critical null pointer dereference in the Linux kernel's ATM (Asynchronous Transfer Mode) subsystem, specifically within the clip module. This flaw manifests when the vcc_sendmsg function attempts to invoke a send method on the atmarpd_dev_ops structure, which lacks an implementation for this operation. The issue stems from improper handling of device operations within the ATM framework, where certain device operation structures are expected to provide specific function pointers but fail to do so. The vulnerability directly impacts the kernel's memory management and can lead to system crashes or potential privilege escalation scenarios.

The technical root cause of this vulnerability lies in the missing send method implementation within the atmarpd_dev_ops structure, which is part of the ATM networking subsystem. When vcc_sendmsg is called, it attempts to dereference a function pointer that points to NULL, resulting in a kernel NULL pointer dereference. This behavior aligns with CWE-476, which describes null pointer dereference issues in software systems. The crash occurs during network socket operations, specifically when attempting to send messages through ATM virtual circuits, indicating that the flaw affects kernel-level network communication mechanisms. The system's response to this condition triggers a kernel oops message with a segmentation fault, demonstrating the severity of the memory access violation.

From an operational perspective, this vulnerability poses significant risks to systems utilizing ATM networking capabilities, particularly those running kernel versions containing this flaw. The crash condition can be triggered to cause a denial of service, potentially disrupting network connectivity and system stability. Attackers could leverage this vulnerability to crash kernel processes or potentially escalate privileges if they can control the network communication flow. The vulnerability affects the fundamental socket operations within the ATM subsystem, meaning that any application or process attempting to send data through ATM virtual circuits could trigger the crash. This impacts system reliability and availability, especially in environments where ATM networking is critical for operations.

Mitigation strategies for CVE-2025-38458 should focus on implementing the proper send method within the atmarpd_dev_ops structure to prevent the null pointer dereference. System administrators should apply the latest kernel patches that address this specific issue, ensuring that the ATM subsystem properly handles device operations. Additionally, monitoring network traffic for unusual patterns that might indicate exploitation attempts can provide early detection capabilities. Detection and response planning can be mapped to the ATT&CK framework tactics for privilege escalation and defense evasion, as this vulnerability could potentially be used to bypass security controls. Organizations should also consider network segmentation to limit the attack surface and reduce the impact of potential exploitation attempts. Regular kernel updates and security assessments remain essential to maintaining system integrity against similar vulnerabilities in the ATM networking subsystem.
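As an added example that is not from the kernel or from this VulDB entry, the following C sketch models the pattern behind the bug described above: an operations table whose send method is optional, the unchecked dispatch that jumps to NULL when that method is absent, and the guarded dispatch that returns an error instead. All struct, function and variable names are hypothetical stand-ins, and the guard is an illustration of the class of fix, not the exact upstream patch.

```c
/* Added illustration, not kernel code: an ops table whose send method is
 * optional, the unchecked dispatch that jumps to NULL when it is absent
 * (the RIP: 0010:0x0 in the oops above), and the guarded dispatch that
 * fails cleanly. All struct and function names are hypothetical stand-ins. */
#include <stddef.h>
#include <errno.h>

struct vcc;
struct dev_ops {                       /* stand-in for struct atmdev_ops */
    int (*open)(struct vcc *vcc);
    int (*send)(struct vcc *vcc, const char *buf, size_t len); /* optional */
};
struct dev { const struct dev_ops *ops; };          /* stand-in for atm_dev */
struct vcc { struct dev *dev; size_t bytes_sent; }; /* stand-in for atm_vcc */

static int real_send(struct vcc *vcc, const char *buf, size_t len)
{
    (void)buf;
    vcc->bytes_sent += len;            /* stand-in for queuing the frame */
    return (int)len;
}
static int noop_open(struct vcc *vcc) { (void)vcc; return 0; }

/* A full driver table, and a control-only table (like atmarpd_dev_ops)
 * that implements open but leaves send NULL. */
static const struct dev_ops full_ops = { .open = noop_open, .send = real_send };
static const struct dev_ops ctrl_ops = { .open = noop_open, .send = NULL };

/* Vulnerable shape: assumes every ops table fills in ->send. Calling this
 * on a vcc bound to ctrl_ops dereferences a NULL function pointer. */
int sendmsg_unchecked(struct vcc *vcc, const char *buf, size_t len)
{
    return vcc->dev->ops->send(vcc, buf, len);
}

/* Hardened shape: an optional method is a capability to test for, not an
 * invariant to trust; its absence becomes an error code for the caller. */
int sendmsg_checked(struct vcc *vcc, const char *buf, size_t len)
{
    if (!vcc->dev || !vcc->dev->ops || !vcc->dev->ops->send)
        return -EINVAL;                /* this device cannot transmit */
    return vcc->dev->ops->send(vcc, buf, len);
}

/* Bind a vcc to the given table and attempt one guarded send of len bytes. */
int try_send_on(const struct dev_ops *ops, size_t len, size_t *sent_out)
{
    struct dev d = { .ops = ops };
    struct vcc v = { .dev = &d, .bytes_sent = 0 };
    int rc = sendmsg_checked(&v, "payload", len);
    if (sent_out) *sent_out = v.bytes_sent;
    return rc;
}
```

The same audit applies to any kernel ops table with optional members: every caller of an optional method needs the NULL test, or the table must not be reachable from that caller.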

Responsible

Linux

Reservation

04/16/2025

Disclosure

07/25/2025

Moderation

accepted

CPE

ready

EPSS

0.00161

KEV

no

Activities

very low

Sources
