PT-2025-29045 · Linux+6 · Linux Kernel+6
Anubis · Published 2025-07-10 · Updated 2026-04-20
CVE-2025-38323
CVSS v3.1: 7.8 (High)
Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions:
Linux kernel (affected versions not specified)
Description:
A use-after-free issue was identified in the net/atm/lec.c component of the Linux kernel. Specifically, an error path in the lecd_attach() function could result in a dangling pointer within the dev_lec[] array. A mutex was added to protect uses of dev_lecp[] from lecd_attach(), lec_vcc_attach(), and lec_mcast_attach(). This issue was discovered by syzbot during testing. The vulnerability manifests in the lane_ioctl() function and can be triggered through the /proc/net/atm/lec interface.
Recommendations:
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Exploit
Use After Free
NULL Pointer Dereference
Related Identifiers
Affected Products
Astra Linux
Debian
Linuxmint
Linux Kernel
Red Os
Suse
Ubuntu