CVE-2025-22004
📋 TL;DR
A use-after-free vulnerability in the Linux kernel's ATM (Asynchronous Transfer Mode) subsystem allows attackers to potentially crash the kernel or execute arbitrary code. This affects Linux systems with ATM networking enabled, though ATM is rarely used in modern deployments. The vulnerability occurs when the lec_send() function accesses freed memory after the ->send() operation.
💻 Affected Systems
- Linux kernel
📦 What is this software?
Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →⚠️ Risk & Real-World Impact
Worst Case
Kernel panic leading to system crash or potential privilege escalation to kernel-level code execution, resulting in complete system compromise.
Likely Case
Kernel crash causing denial of service, requiring system reboot to restore functionality.
If Mitigated
Minimal impact if ATM networking is disabled or not configured, which is the default for most modern Linux distributions.
🎯 Exploit Status
Exploitation requires local access and ATM networking to be enabled. The vulnerability is in a deprecated networking protocol rarely used today.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Multiple stable kernel versions with fixes (see git references in CVE)
Vendor Advisory: https://git.kernel.org/stable/c/326223182e4703cde99fdbd36d07d0b3de9980fb
Restart Required: Yes
Instructions:
1. Update Linux kernel to patched version from your distribution's repositories. 2. Reboot system to load new kernel. 3. Verify kernel version after reboot.
🔧 Temporary Workarounds
Disable ATM kernel module
linuxPrevent loading of ATM networking module to eliminate attack surface
echo 'blacklist atm' >> /etc/modprobe.d/blacklist-atm.conf
rmmod atm
🧯 If You Can't Patch
- Disable ATM networking completely if not needed
- Implement strict access controls to limit who can interact with ATM interfaces
🔍 How to Verify
Check if Vulnerable:
Check if ATM module is loaded: lsmod | grep atmCheck Version:
uname -rVerify Fix Applied:
Check kernel version against patched versions in git references📡 Detection & Monitoring
Log Indicators:
- Kernel panic messages in /var/log/messages or dmesg
- ATM-related crash reports
Network Indicators:
- Unusual ATM protocol traffic if ATM is unexpectedly enabled
SIEM Query:
source="kernel" AND ("panic" OR "oops") AND "atm"🔗 References
- https://git.kernel.org/stable/c/326223182e4703cde99fdbd36d07d0b3de9980fb
- https://git.kernel.org/stable/c/50e288097c2c6e5f374ae079394436fc29d1e88e
- https://git.kernel.org/stable/c/51e8be9578a2e74f9983d8fd8de8cafed191f30c
- https://git.kernel.org/stable/c/82d9084a97892de1ee4881eb5c17911fcd9be6f6
- https://git.kernel.org/stable/c/8cd90c7db08f32829bfa1b5b2b11fbc542afbab7
- https://git.kernel.org/stable/c/9566f6ee13b17a15d0a47667ad1b1893c539f730
- https://git.kernel.org/stable/c/f3009d0d6ab78053117f8857b921a8237f4d17b3
- https://git.kernel.org/stable/c/f3271f7548385e0096739965961c7cbf7e6b4762
- https://lists.debian.org/debian-lts-announce/2025/05/msg00030.html
- https://lists.debian.org/debian-lts-announce/2025/05/msg00045.html
