Wind River Support Network

Fixed

LIN1022-17022 : Security Advisory - linux - CVE-2025-38546

Created: Aug 17, 2025    Updated: Aug 28, 2025
Resolved Date: Aug 28, 2025
Found In Version: 10.22.33.1
Severity: Standard
Applicable for: Wind River Linux LTS 22
Component/s: Kernel

Description

In the Linux kernel, the following vulnerability has been resolved:

atm: clip: Fix memory leak of struct clip_vcc.

ioctl(ATMARP_MKIP) allocates struct clip_vcc and set it to vcc->user_back.

The code assumes that vcc_destroy_socket() passes NULL skb to vcc->push() when the socket is close()d, and then clip_push() frees clip_vcc.

However, ioctl(ATMARPD_CTRL) sets NULL to vcc->push() in atm_init_atmarp(), resulting in memory leak.

Let's serialise two ioctl() by lock_sock() and check vcc->push() in atm_init_atmarp() to prevent memleak.
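
The ownership problem described above, as a single-threaded userspace model (an added example, not kernel code and not from the advisory). The struct layout, the helper names mkip, atmarpd_ctrl and leaked_after_sequence, and the exact form of the vcc->push() check are assumptions; the lock_sock() serialisation is not modelled.

```c
#include <stdlib.h>
/* Userspace model: simplified stand-ins, not the kernel's definitions. */
struct vcc {
    void (*push)(struct vcc *, void *skb); /* models vcc->push */
    void *user_back;                       /* models struct clip_vcc */
};
static int live_clip_vcc; /* clip_vcc objects allocated and not yet freed */

/* Models clip_push(): a NULL skb signals close(), so clip_vcc is freed. */
static void clip_push(struct vcc *v, void *skb)
{
    if (skb || !v->user_back)
        return;
    free(v->user_back);
    v->user_back = NULL;
    live_clip_vcc--;
}

/* Models ioctl(ATMARP_MKIP): allocate clip_vcc and install clip_push. */
static int mkip(struct vcc *v)
{
    v->user_back = malloc(16);
    if (!v->user_back)
        return -1;
    live_clip_vcc++;
    v->push = clip_push;
    return 0;
}

/* Models ioctl(ATMARPD_CTRL) -> atm_init_atmarp(). */
static int atmarpd_ctrl(struct vcc *v, int patched)
{
    if (patched && v->push == clip_push)
        return -1; /* assumed form of the vcc->push() check */
    v->push = NULL; /* unpatched: the only path that frees clip_vcc is lost */
    return 0;
}

/* MKIP, then ATMARPD_CTRL, then close(); returns leaked clip_vcc count. */
int leaked_after_sequence(int patched)
{
    struct vcc v = {0};
    live_clip_vcc = 0;
    if (mkip(&v))
        return -1;
    atmarpd_ctrl(&v, patched);
    if (v.push)            /* models vcc_destroy_socket() on close() */
        v.push(&v, NULL);
    free(v.user_back);     /* tidy the model's own allocation */
    return live_clip_vcc;
}
```

Calling leaked_after_sequence(0) reports one clip_vcc still allocated after close, while leaked_after_sequence(1) reports none because the second ioctl is refused and clip_push() still runs.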

CREATE(Triage):(User=pbi-cn) CVE-2025-38546 (https://nvd.nist.gov/vuln/detail/CVE-2025-38546)
