CVE-2025-38460

Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)

Description The Linux kernel contains a flaw in the atm/clip subsystem where a null pointer dereference may occur in the to atmarpd() function. This issue arises because to atmarpd() can be called without proper Real-Time Network Layer (RTNL) protection, particularly during unsleepable operations like clip neigh solicit() and neigh ops->solicit(). The vulnerability exists due to a lack of RTNL dependency around atmarpd. A private mutex and Read-Copy Update (RCU) mechanism have been implemented to protect access to atmarpd within to atmarpd().

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.