CVE-2025-22018
📋 TL;DR
A NULL pointer dereference vulnerability in the Linux kernel's ATM subsystem allows local attackers to cause a kernel panic (denial of service) by triggering specific conditions in MPOA_cache_impos_rcvd(). This affects systems with ATM networking enabled, primarily Linux servers and embedded devices using ATM functionality.
💻 Affected Systems
- Linux kernel
📦 What is this software?
Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
⚠️ Risk & Real-World Impact
Worst Case
Kernel panic leading to system crash and denial of service, potentially requiring physical or remote console access to reboot.
Likely Case
Local denial of service through kernel panic, requiring system reboot to restore functionality.
If Mitigated
Minimal impact if ATM functionality is disabled or unused, as the vulnerable code path requires ATM to be active.
🎯 Exploit Status
Exploitation requires sending specific messages to the ATM subsystem, which typically requires local system access and ATM configuration.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Fixed in kernel commits: 09691f367df44fe93255274d80a439f9bb3263fc, 0ef6e49881b6b50ac454cb9d6501d009fdceb6fc, 14c7aca5ba2740973de27c1bb8df77b4dcb6f775, 1505f9b720656b17865e4166ab002960162bf679, 3c23bb2c894e9ef2727682f98c341b20f78c9013
Vendor Advisory: https://git.kernel.org/stable/c/09691f367df44fe93255274d80a439f9bb3263fc
Restart Required: Yes
Instructions:
1. Update to a kernel version containing the fix commits.
2. Check your distribution's security advisories for patched kernel packages.
3. Reboot the system after kernel update.
🔧 Temporary Workarounds
Disable ATM functionality
Remove or disable ATM kernel modules if not needed (Linux):
modprobe -r atm
echo 'blacklist atm' >> /etc/modprobe.d/blacklist.conf
🧯 If You Can't Patch
- Disable ATM kernel modules if not required for system functionality
- Restrict local user access to systems where ATM is enabled
🔍 How to Verify
Check if Vulnerable:
Check if ATM modules are loaded: lsmod | grep atm. If they are loaded and the kernel version predates the fixes, the system may be vulnerable.
Check Version:
uname -r
Verify Fix Applied:
Check that the kernel version includes the fix commits: run uname -r and verify the result against your distribution's security advisories.
📡 Detection & Monitoring
Log Indicators:
- Kernel panic messages mentioning 'general protection fault' or 'null-ptr-deref' in ATM-related functions
- KASAN reports with 'null-ptr-deref' in MPOA_cache_impos_rcvd or eg_cache_remove_entry
Network Indicators:
- Unusual ATM protocol traffic from local processes
SIEM Query:
source="kernel" AND ("general protection fault" OR "null-ptr-deref") AND ("atm" OR "MPOA" OR "eg_cache")
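The query above matches only when the fault marker and the ATM symbol share one event. As an added example (not from the advisory or the kernel project), this sketch applies the same terms across a window of lines, for pipelines that ingest the kernel log one line per event. The names atm_oops_hits, sample_log and WINDOW are hypothetical, and the sample log lines are constructed.

```sh
#!/bin/sh
# Added example: the SIEM query terms from this page, correlated across one oops.
# WINDOW, atm_oops_hits and sample_log are hypothetical names for illustration.
WINDOW=${WINDOW:-40}   # assumption: how many lines after the fault marker to search

# Read kernel log text on stdin; print one HIT line per correlated oops.
atm_oops_hits() {
  awk -v win="$WINDOW" '
    {
      line = " " tolower($0) " "   # pad so "atm" can be matched as a whole token
      # Fault markers from the page query
      if (line ~ /general protection fault|null-ptr-deref/) fault_at = NR
      # ATM markers from the page query; "atm" must not be part of a longer word
      if (fault_at && NR - fault_at <= win &&
          line ~ /mpoa|eg_cache|[^a-z]atm[^a-z]/) {
        print "HIT fault_line=" fault_at " symbol_line=" NR ": " $0
        fault_at = 0               # report each oops once
      }
    }'
}

# Constructed sample: one ATM-related oops, then an unrelated fault followed
# by a line from a driver whose name merely contains the letters "atm".
sample_log() {
  cat <<'EOF'
kernel: Oops: general protection fault, probably for non-canonical address: 0000 [#1] SMP KASAN
kernel: KASAN: null-ptr-deref in range [0x0000000000000000-0x0000000000000007]
kernel: CPU: 0 PID: 1234 Comm: test Not tainted
kernel: RIP: 0010:eg_cache_remove_entry+0x0/0x0
kernel: Call Trace:
kernel:  MPOA_cache_impos_rcvd+0x0/0x0
kernel: usb 1-1: new device found
kernel: BUG: KASAN: null-ptr-deref in some_other_driver_fn+0x0/0x0
kernel: RIP: 0010:some_other_driver_fn+0x0/0x0
kernel: atmel_mxt_ts 1-004a: touchscreen ready
EOF
}

sample_log | atm_oops_hits
```

On the sample, a per-line AND of the two term groups finds nothing, because no single line carries both a fault marker and an ATM symbol. The windowed pass reports the first oops once and ignores the unrelated fault.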
🔗 References
- https://git.kernel.org/stable/c/09691f367df44fe93255274d80a439f9bb3263fc
- https://git.kernel.org/stable/c/0ef6e49881b6b50ac454cb9d6501d009fdceb6fc
- https://git.kernel.org/stable/c/14c7aca5ba2740973de27c1bb8df77b4dcb6f775
- https://git.kernel.org/stable/c/1505f9b720656b17865e4166ab002960162bf679
- https://git.kernel.org/stable/c/3c23bb2c894e9ef2727682f98c341b20f78c9013
- https://git.kernel.org/stable/c/9da6b6340dbcf0f60ae3ec6a7d6438337c32518a
- https://git.kernel.org/stable/c/ab92f51c7f53a08f1a686bfb80690ebb3672357d
- https://git.kernel.org/stable/c/bf2986fcf82a449441f9ee4335df19be19e83970
- https://git.kernel.org/stable/c/d7f1e4a53a51cc6ba833afcb40439f18dab61c1f
- https://lists.debian.org/debian-lts-announce/2025/05/msg00030.html
- https://lists.debian.org/debian-lts-announce/2025/05/msg00045.html