CVE-2025-38180

Updated: 2025-12-28 03:36:58.798627

Description:

In the Linux kernel, the following vulnerability has been resolved: net: atm: fix /proc/net/atm/lec handling /proc/net/atm/lec must ensure safety against dev_lec[] changes. It appears it had dev_put() calls without prior dev_hold(), leading to imbalance and UAF.


Links NIST CIRCL RHEL Ubuntu

Severity

Severity Score
CVSS Version 2.x 0.0
CVSS Version 3.x HIGH 7.8

Status

OS name Project name Version Score Severity Status Errata Last updated

Statement
AlmaLinux 9.2 ESU kernel 5.14.0 7.8 HIGH Needs Triage 2025-12-28 07:56:03
CentOS 6 ELS kernel 2.6.32 7.8 HIGH Released CLSA-2025:1758010245 2025-09-30 05:30:37
CentOS 7 ELS kernel 3.10.0 7.8 HIGH Released CLSA-2025:1757967705 2025-09-30 05:40:15
CentOS 8.4 ELS kernel 4.18.0 7.8 HIGH Needs Triage 2025-12-28 07:56:01
CentOS 8.5 ELS kernel 4.18.0 7.8 HIGH Needs Triage 2025-12-28 07:55:59
CentOS Stream 8 ELS kernel 4.18.0 7.8 HIGH Needs Triage 2025-12-28 07:56:05
CloudLinux 7 ELS kernel 3.10.0 7.8 HIGH Needs Triage 2025-12-28 07:56:06
Oracle Linux 6 ELS kernel 2.6.32 7.8 HIGH Released CLSA-2025:1758009294 2025-09-16 11:19:31
Oracle Linux 7 ELS kernel 3.10.0 7.8 HIGH Released CLSA-2025:1757698145 2025-09-12 19:20:39
Oracle Linux 7 ELS kernel-uek 5.4.17 7.8 HIGH Released CLSA-2025:1757963029 2025-09-16 11:19:56
Total: 16