Detections
Analytics

CVE-2025-38180

medium

Description

In the Linux kernel, the following vulnerability has been resolved: net: atm: fix /proc/net/atm/lec handling /proc/net/atm/lec must ensure safety against dev_lec[] changes. It appears it had dev_put() calls without prior dev_hold(), leading to imbalance and UAF.

References

https://git.kernel.org/stable/c/fcfccf56f4eba7d00aa2d33c7bb1b33083237742

https://git.kernel.org/stable/c/f2d1443b18806640abdb530e88009af7be2588e7

https://git.kernel.org/stable/c/e612c4b014f5808fbc6beae21f5ccaca5e76a2f8

https://git.kernel.org/stable/c/d03b79f459c7935cff830d98373474f440bd03ae

https://git.kernel.org/stable/c/ca3829c18c8d0ceb656605d3bff6bb3dfb078589

https://git.kernel.org/stable/c/a5e3a144268899f1a8c445c8a3bfa15873ba85e8

https://git.kernel.org/stable/c/9b9aeb3ada44d8abea1e31e4446113f460848ae4

https://git.kernel.org/stable/c/5fe1b23a2f87f43aeeac51e08819cbc6fd808cbc

Details

Source: Mitre, NVD

Published: 2025-07-04

Updated: 2025-07-08

Risk Information

CVSS v2

Base Score: 4.6

Vector: CVSS2#AV:L/AC:L/Au:S/C:N/I:N/A:C

Severity: Medium

CVSS v3

Base Score: 5.5

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Severity: Medium

EPSS

EPSS: 0.00024