CVE-2025-38251 - Vulnerability Details

In the Linux kernel, the following vulnerability has been resolved:

atm: clip: prevent NULL deref in clip_push()

Blamed commit missed that vcc_destroy_socket() calls
clip_push() with a NULL skb.

If clip_devs is NULL, clip_push() then crashes when reading
skb->truesize.

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00036.

Key SSVC decision points have not yet been added.

Vendors	Products
Linux	Linux Kernel

No data.

OpenCVE Enrichment is a feature of OpenCVE that uses AI to automatically link vendors and products to CVEs. Learn more on GitHub.

Vendors	Products
Linux	Linux Kernel

Advisories

Source	ID	Title
Debian DLA	DLA-4327-1	linux security update
Debian DLA	DLA-4328-1	linux-6.1 security update
Debian DSA	DSA-5973-1	linux security update
EUVD	EUVD-2025-20810	In the Linux kernel, the following vulnerability has been resolved: atm: clip: prevent NULL deref in clip_push() Blamed commit missed that vcc_destroy_socket() calls clip_push() with a NULL skb. If clip_devs is NULL, clip_push() then crashes when reading skb->truesize.
Ubuntu USN	USN-7774-1	Linux kernel vulnerabilities
Ubuntu USN	USN-7774-2	Linux kernel (FIPS) vulnerabilities
Ubuntu USN	USN-7774-3	Linux kernel (Real-time) vulnerabilities
Ubuntu USN	USN-7775-1	Linux kernel (Azure FIPS) vulnerabilities
Ubuntu USN	USN-7775-2	Linux kernel (Azure) vulnerabilities
Ubuntu USN	USN-7776-1	Linux kernel (Oracle) vulnerabilities
Ubuntu USN	USN-7775-3	Linux kernel (Azure) vulnerabilities
Ubuntu USN	USN-7774-4	Linux kernel (KVM) vulnerabilities
Ubuntu USN	USN-7774-5	Linux kernel (NVIDIA Tegra IGX) vulnerabilities
Ubuntu USN	USN-7833-1	Linux kernel vulnerabilities
Ubuntu USN	USN-7834-1	Linux kernel (Azure) vulnerabilities
Ubuntu USN	USN-7833-2	Linux kernel (Real-time) vulnerabilities
Ubuntu USN	USN-7833-3	Linux kernel (AWS) vulnerabilities
Ubuntu USN	USN-7833-4	Linux kernel (GCP) vulnerabilities

Fixes

Solution

No solution given by the vendor.

Workaround

No workaround given by the vendor.

References

Link	Providers
https://git.kernel.org/stable/c/3c709dce16999bf6a1d2ce377deb5dd6fdd8cb08
https://git.kernel.org/stable/c/41f6420ee845006354c004839fed07da71e34aee
https://git.kernel.org/stable/c/88c88f91f4b3563956bb52e7a71a3640f7ece157
https://git.kernel.org/stable/c/9199e8cb75f13a1650adcb3c6cad42789c43884e
https://git.kernel.org/stable/c/a07005a77b18ae59b8471e7e4d991fa9f642b3c2
https://git.kernel.org/stable/c/b993ea46b3b601915ceaaf3c802adf11e7d6bac6
https://git.kernel.org/stable/c/ede31ad949ae0d03cb4c5edd79991586ad7c8bb8
https://lists.debian.org/debian-lts-announce/2025/10/msg00007.html
https://lists.debian.org/debian-lts-announce/2025/10/msg00008.html
https://lore.kernel.org/linux-cve-announce/2025070934-CVE-2025-38251-3894@gregkh/T
https://nvd.nist.gov/vuln/detail/CVE-2025-38251
https://www.cve.org/CVERecord?id=CVE-2025-38251

History

Mon, 03 Nov 2025 18:30:00 +0000

Type	Values Removed	Values Added
References		https://lists.debian.org/debian-lts-announce/2025/10/msg00007.html https://lists.debian.org/debian-lts-announce/2025/10/msg00008.html

Thu, 17 Jul 2025 17:15:00 +0000

Type	Values Removed	Values Added
References		https://git.kernel.org/stable/c/41f6420ee845006354c004839fed07da71e34aee

Tue, 15 Jul 2025 13:45:00 +0000

Type	Values Removed	Values Added
Metrics	epss `{'score': 0.00024}`	epss `{'score': 0.00032}`

Fri, 11 Jul 2025 13:45:00 +0000

Type	Values Removed	Values Added
Metrics	epss `{'score': 0.00018}`	epss `{'score': 0.00024}`

Thu, 10 Jul 2025 14:30:00 +0000

Type	Values Removed	Values Added
References		https://git.kernel.org/stable/c/9199e8cb75f13a1650adcb3c6cad42789c43884e

Thu, 10 Jul 2025 00:45:00 +0000

Type	Values Removed	Values Added
References		https://lore.kernel.org/linux-cve-announce/2025070934-CVE-2025-38251-3894@gregkh/T https://nvd.nist.gov/vuln/detail/CVE-2025-38251 https://www.cve.org/CVERecord?id=CVE-2025-38251
Metrics	threat_severity `None`	cvssV3_1 `{'score': 5.5, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H'}` threat_severity `Moderate`

Wed, 09 Jul 2025 10:45:00 +0000

Type	Values Removed	Values Added
Description		In the Linux kernel, the following vulnerability has been resolved: atm: clip: prevent NULL deref in clip_push() Blamed commit missed that vcc_destroy_socket() calls clip_push() with a NULL skb. If clip_devs is NULL, clip_push() then crashes when reading skb->truesize.
Title		atm: clip: prevent NULL deref in clip_push()
References		https://git.kernel.org/stable/c/3c709dce16999bf6a1d2ce377deb5dd6fdd8cb08 https://git.kernel.org/stable/c/88c88f91f4b3563956bb52e7a71a3640f7ece157 https://git.kernel.org/stable/c/a07005a77b18ae59b8471e7e4d991fa9f642b3c2 https://git.kernel.org/stable/c/b993ea46b3b601915ceaaf3c802adf11e7d6bac6 https://git.kernel.org/stable/c/ede31ad949ae0d03cb4c5edd79991586ad7c8bb8

MITRE

Status: PUBLISHED

Assigner: Linux

Published: 2025-07-09T10:42:30.877Z

Updated: 2025-11-03T17:35:58.957Z

Reserved: 2025-04-16T04:51:23.997Z

Link: CVE-2025-38251

Vulnrichment

No data.

NVD

Status : Awaiting Analysis

Published: 2025-07-09T11:15:27.310

Modified: 2025-11-03T18:16:11.057

Link: CVE-2025-38251

Redhat

Severity : Moderate

Publid Date: 2025-07-09T00:00:00Z

Links: CVE-2025-38251 - Bugzilla

OpenCVE Enrichment

Updated: 2025-07-13T21:08:07Z

Metrics

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object

JSON object