Login Sign Up

CVE-2025-38459

7.8 HIGH
Denial of Service

📋 TL;DR

A race condition vulnerability in the Linux kernel's ATM CLIP (Classical IP over ATM) subsystem allows infinite recursion when ioctl(ATMARP_MKIP) is called multiple times on the same socket. This can lead to kernel stack exhaustion and system crashes. Systems using ATM networking or with the atm module loaded are affected.

💻 Affected Systems

Products:
  • Linux kernel
Versions: Versions before fixes in stable branches (specific commits listed in references)
Operating Systems: Linux distributions with vulnerable kernel versions
Default Config Vulnerable: ✅ No
Notes: Only vulnerable if ATM networking is configured/used or atm module is loaded. Most modern systems don't use ATM by default.

📦 What is this software?

Debian Linux by Debian

View all CVEs affecting Debian Linux →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Kernel panic leading to complete system crash and denial of service, potentially requiring physical reboot.

🟠

Likely Case

Local denial of service through kernel crash when malicious user triggers the race condition.

🟢

If Mitigated

Minimal impact if ATM networking is not used and atm module is not loaded.

🌐 Internet-Facing: LOW - Requires local access or ATM network exposure which is rare in modern internet-facing systems.
🏢 Internal Only: MEDIUM - Local users could crash systems if ATM networking is enabled, though ATM is uncommon in modern internal networks.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Requires local access and ability to call ioctl(ATMARP_MKIP) multiple times. Exploit would need to trigger the race condition.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Fixed in stable kernel versions via commits: 024876b247a8, 125166347d56, 1579a2777cb9, 3f61b997fe01, 5641019dfbae

Vendor Advisory: https://git.kernel.org/stable/c/024876b247a882972095b22087734dcd23396a4e

Restart Required: Yes

Instructions:

1. Update Linux kernel to version containing the fix
2. Check your distribution's security advisories for specific patched versions
3. Reboot system after kernel update

🔧 Temporary Workarounds

Unload ATM module

linux

Remove the atm kernel module if not needed

sudo rmmod atm

Prevent ATM module loading

linux

Blacklist atm module to prevent loading

echo 'blacklist atm' | sudo tee /etc/modprobe.d/atm-blacklist.conf

🧯 If You Can't Patch

  • Ensure ATM networking is disabled and atm module is not loaded
  • Restrict local user access to systems where ATM is required

🔍 How to Verify

Check if Vulnerable:

Check if atm module is loaded: lsmod | grep atm

Check Version:

uname -r

Verify Fix Applied:

Check kernel version against patched versions from distribution advisories

📡 Detection & Monitoring

Log Indicators:

  • Kernel panic logs
  • Stack guard page violation messages
  • ATM-related crash reports

Network Indicators:

  • Unusual ATM network activity if ATM is enabled

SIEM Query:

kernel: *stack guard page* OR kernel: *clip_push* OR kernel: *ATMARP_MKIP*

📊 Metadata

CVE ID: CVE-2025-38459
CVSS v3 Score: 7.8 (HIGH)
CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CWE: CWE-674
EPSS Score: 0.02% exploit probability (2.9th percentile)
Published: July 25, 2025
Last Updated: December 22, 2025

🔗 References

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2025-38459, you might also want to check these:

CVE-2023-51803 9.8

This vulnerability in Heimdall allows attackers to upload malicious icons containing PHP code, poten...

Same vulnerability type (CWE-674)
CVE-2024-37973 8.8

CVE-2024-37973 is a Secure Boot security feature bypass vulnerability that allows attackers to circu...

Same vulnerability type (CWE-674)
CVE-2024-20311 8.6

An unauthenticated remote attacker can send specially crafted LISP packets to vulnerable Cisco devic...

Same vulnerability type (CWE-674)