We use these services and cookies to improve your user experience. You may opt out if you wish, however, this may limit some features on this site.

Please see our statement on Data Privacy.

Crisp.chat (Helpdesk and Chat)

Ok

THREATINT
PUBLISHED

CVE-2025-38323

net: atm: add lec_mutex



Description

In the Linux kernel, the following vulnerability has been resolved: net: atm: add lec_mutex syzbot found its way in net/atm/lec.c, and found an error path in lecd_attach() could leave a dangling pointer in dev_lec[]. Add a mutex to protect dev_lecp[] uses from lecd_attach(), lec_vcc_attach() and lec_mcast_attach(). Following patch will use this mutex for /proc/net/atm/lec. BUG: KASAN: slab-use-after-free in lecd_attach net/atm/lec.c:751 [inline] BUG: KASAN: slab-use-after-free in lane_ioctl+0x2224/0x23e0 net/atm/lec.c:1008 Read of size 8 at addr ffff88807c7b8e68 by task syz.1.17/6142 CPU: 1 UID: 0 PID: 6142 Comm: syz.1.17 Not tainted 6.16.0-rc1-syzkaller-00239-g08215f5486ec #0 PREEMPT(full) Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 Call Trace: <TASK> __dump_stack lib/dump_stack.c:94 [inline] dump_stack_lvl+0x116/0x1f0 lib/dump_stack.c:120 print_address_description mm/kasan/report.c:408 [inline] print_report+0xcd/0x680 mm/kasan/report.c:521 kasan_report+0xe0/0x110 mm/kasan/report.c:634 lecd_attach net/atm/lec.c:751 [inline] lane_ioctl+0x2224/0x23e0 net/atm/lec.c:1008 do_vcc_ioctl+0x12c/0x930 net/atm/ioctl.c:159 sock_do_ioctl+0x118/0x280 net/socket.c:1190 sock_ioctl+0x227/0x6b0 net/socket.c:1311 vfs_ioctl fs/ioctl.c:51 [inline] __do_sys_ioctl fs/ioctl.c:907 [inline] __se_sys_ioctl fs/ioctl.c:893 [inline] __x64_sys_ioctl+0x18e/0x210 fs/ioctl.c:893 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline] do_syscall_64+0xcd/0x4c0 arch/x86/entry/syscall_64.c:94 entry_SYSCALL_64_after_hwframe+0x77/0x7f </TASK> Allocated by task 6132: kasan_save_stack+0x33/0x60 mm/kasan/common.c:47 kasan_save_track+0x14/0x30 mm/kasan/common.c:68 poison_kmalloc_redzone mm/kasan/common.c:377 [inline] __kasan_kmalloc+0xaa/0xb0 mm/kasan/common.c:394 kasan_kmalloc include/linux/kasan.h:260 [inline] __do_kmalloc_node mm/slub.c:4328 [inline] __kvmalloc_node_noprof+0x27b/0x620 mm/slub.c:5015 alloc_netdev_mqs+0xd2/0x1570 net/core/dev.c:11711 lecd_attach net/atm/lec.c:737 [inline] lane_ioctl+0x17db/0x23e0 net/atm/lec.c:1008 do_vcc_ioctl+0x12c/0x930 net/atm/ioctl.c:159 sock_do_ioctl+0x118/0x280 net/socket.c:1190 sock_ioctl+0x227/0x6b0 net/socket.c:1311 vfs_ioctl fs/ioctl.c:51 [inline] __do_sys_ioctl fs/ioctl.c:907 [inline] __se_sys_ioctl fs/ioctl.c:893 [inline] __x64_sys_ioctl+0x18e/0x210 fs/ioctl.c:893 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline] do_syscall_64+0xcd/0x4c0 arch/x86/entry/syscall_64.c:94 entry_SYSCALL_64_after_hwframe+0x77/0x7f Freed by task 6132: kasan_save_stack+0x33/0x60 mm/kasan/common.c:47 kasan_save_track+0x14/0x30 mm/kasan/common.c:68 kasan_save_free_info+0x3b/0x60 mm/kasan/generic.c:576 poison_slab_object mm/kasan/common.c:247 [inline] __kasan_slab_free+0x51/0x70 mm/kasan/common.c:264 kasan_slab_free include/linux/kasan.h:233 [inline] slab_free_hook mm/slub.c:2381 [inline] slab_free mm/slub.c:4643 [inline] kfree+0x2b4/0x4d0 mm/slub.c:4842 free_netdev+0x6c5/0x910 net/core/dev.c:11892 lecd_attach net/atm/lec.c:744 [inline] lane_ioctl+0x1ce8/0x23e0 net/atm/lec.c:1008 do_vcc_ioctl+0x12c/0x930 net/atm/ioctl.c:159 sock_do_ioctl+0x118/0x280 net/socket.c:1190 sock_ioctl+0x227/0x6b0 net/socket.c:1311 vfs_ioctl fs/ioctl.c:51 [inline] __do_sys_ioctl fs/ioctl.c:907 [inline] __se_sys_ioctl fs/ioctl.c:893 [inline] __x64_sys_ioctl+0x18e/0x210 fs/ioctl.c:893

Reserved 2025-04-16 | Published 2025-07-10 | Updated 2025-07-10 | Assigner Linux

Product status

Default status
unaffected

1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 before e91274cc7ed88ab5bdc62d426067c82b0b118a0b
affected

1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 before a7a713dfb5f9477345450f27c7c0741864511192
affected

1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 before 17e156a94e94a906a570dbf9b48877956c60bef8
affected

1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 before 18e8f0c4f826fb08c2d3825cdd6c57e24b207e0a
affected

1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 before dffd03422ae6a459039c8602f410e6c0f4cbc6c8
affected

1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 before f4d80b16ecc4229f7e6345158ef34c36be323f0e
affected

1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 before 64b378db28a967f7b271b055380c2360279aa424
affected

1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 before d13a3824bfd2b4774b671a75cf766a16637a0e67
affected

Default status
affected

2.6.12
affected

Any version before 2.6.12
unaffected

5.4.295
unaffected

5.10.239
unaffected

5.15.186
unaffected

6.1.142
unaffected

6.6.95
unaffected

6.12.35
unaffected

6.15.4
unaffected

6.16-rc3
unaffected

References

git.kernel.org/...c/e91274cc7ed88ab5bdc62d426067c82b0b118a0b

git.kernel.org/...c/a7a713dfb5f9477345450f27c7c0741864511192

git.kernel.org/...c/17e156a94e94a906a570dbf9b48877956c60bef8

git.kernel.org/...c/18e8f0c4f826fb08c2d3825cdd6c57e24b207e0a

git.kernel.org/...c/dffd03422ae6a459039c8602f410e6c0f4cbc6c8

git.kernel.org/...c/f4d80b16ecc4229f7e6345158ef34c36be323f0e

git.kernel.org/...c/64b378db28a967f7b271b055380c2360279aa424

git.kernel.org/...c/d13a3824bfd2b4774b671a75cf766a16637a0e67

cve.org (CVE-2025-38323)

nvd.nist.gov (CVE-2025-38323)

Download JSON

Share this page
https://cve.threatint.eu/CVE/CVE-2025-38323

Support options

Helpdesk Chat, Email, Knowledgebase
© Copyright 2025 THREATINT
Made in Cyprus with +
 System status
Find us on
Data Privacy
Terms of Use
Logo BSI Allianz für Cyber-Sicherheit
Error loading Crisp.chat. Please check your web content filter and browser plugins.