Acknowledged
Created: Jul 28, 2025
Updated: Jul 29, 2025
Found In Version: 10.23.30.1
Severity: Standard
Applicable for: Wind River Linux LTS 23
Component/s: Kernel
In the Linux kernel, the following vulnerability has been resolved:EOL][EOL]atm: clip: Fix potential null-ptr-deref in to_atmarpd().[EOL][EOL]atmarpd is protected by RTNL since commit f3a0592b37b8 ("[ATM]: clip[EOL]causes unregister hang").[EOL][EOL]However, it is not enough because to_atmarpd() is called without RTNL,[EOL]especially clip_neigh_solicit() / neigh_ops->solicit() is unsleepable.[EOL][EOL]Also, there is no RTNL dependency around atmarpd.[EOL][EOL]Let's use a private mutex and RCU to protect access to atmarpd in[EOL]to_atmarpd().
CREATE(Triage):(User=admin) [CVE-2025-38460 (https://nvd.nist.gov/vuln/detail/CVE-2025-38460)
