CVE-2025-22018 (GCVE-0-2025-22018)

Vulnerability from cvelistv5 – Published: 2025-04-16 05:04 – Updated: 2025-11-03 19:41
VLAI?
Summary
In the Linux kernel, the following vulnerability has been resolved: atm: Fix NULL pointer dereference When MPOA_cache_impos_rcvd() receives the msg, it can trigger Null Pointer Dereference Vulnerability if both entry and holding_time are NULL. Because there is only for the situation where entry is NULL and holding_time exists, it can be passed when both entry and holding_time are NULL. If these are NULL, the entry will be passd to eg_cache_put() as parameter and it is referenced by entry->use code in it. kasan log: [ 3.316691] Oops: general protection fault, probably for non-canonical address 0xdffffc0000000006:I [ 3.317568] KASAN: null-ptr-deref in range [0x0000000000000030-0x0000000000000037] [ 3.318188] CPU: 3 UID: 0 PID: 79 Comm: ex Not tainted 6.14.0-rc2 #102 [ 3.318601] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.15.0-1 04/01/2014 [ 3.319298] RIP: 0010:eg_cache_remove_entry+0xa5/0x470 [ 3.319677] Code: c1 f7 6e fd 48 c7 c7 00 7e 38 b2 e8 95 64 54 fd 48 c7 c7 40 7e 38 b2 48 89 ee e80 [ 3.321220] RSP: 0018:ffff88800583f8a8 EFLAGS: 00010006 [ 3.321596] RAX: 0000000000000006 RBX: ffff888005989000 RCX: ffffffffaecc2d8e [ 3.322112] RDX: 0000000000000000 RSI: 0000000000000004 RDI: 0000000000000030 [ 3.322643] RBP: 0000000000000000 R08: 0000000000000000 R09: fffffbfff6558b88 [ 3.323181] R10: 0000000000000003 R11: 203a207972746e65 R12: 1ffff11000b07f15 [ 3.323707] R13: dffffc0000000000 R14: ffff888005989000 R15: ffff888005989068 [ 3.324185] FS: 000000001b6313c0(0000) GS:ffff88806d380000(0000) knlGS:0000000000000000 [ 3.325042] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 3.325545] CR2: 00000000004b4b40 CR3: 000000000248e000 CR4: 00000000000006f0 [ 3.326430] Call Trace: [ 3.326725] <TASK> [ 3.326927] ? die_addr+0x3c/0xa0 [ 3.327330] ? exc_general_protection+0x161/0x2a0 [ 3.327662] ? asm_exc_general_protection+0x26/0x30 [ 3.328214] ? vprintk_emit+0x15e/0x420 [ 3.328543] ? eg_cache_remove_entry+0xa5/0x470 [ 3.328910] ? eg_cache_remove_entry+0x9a/0x470 [ 3.329294] ? __pfx_eg_cache_remove_entry+0x10/0x10 [ 3.329664] ? console_unlock+0x107/0x1d0 [ 3.329946] ? __pfx_console_unlock+0x10/0x10 [ 3.330283] ? do_syscall_64+0xa6/0x1a0 [ 3.330584] ? entry_SYSCALL_64_after_hwframe+0x47/0x7f [ 3.331090] ? __pfx_prb_read_valid+0x10/0x10 [ 3.331395] ? down_trylock+0x52/0x80 [ 3.331703] ? vprintk_emit+0x15e/0x420 [ 3.331986] ? __pfx_vprintk_emit+0x10/0x10 [ 3.332279] ? down_trylock+0x52/0x80 [ 3.332527] ? _printk+0xbf/0x100 [ 3.332762] ? __pfx__printk+0x10/0x10 [ 3.333007] ? _raw_write_lock_irq+0x81/0xe0 [ 3.333284] ? __pfx__raw_write_lock_irq+0x10/0x10 [ 3.333614] msg_from_mpoad+0x1185/0x2750 [ 3.333893] ? __build_skb_around+0x27b/0x3a0 [ 3.334183] ? __pfx_msg_from_mpoad+0x10/0x10 [ 3.334501] ? __alloc_skb+0x1c0/0x310 [ 3.334809] ? __pfx___alloc_skb+0x10/0x10 [ 3.335283] ? _raw_spin_lock+0xe0/0xe0 [ 3.335632] ? finish_wait+0x8d/0x1e0 [ 3.335975] vcc_sendmsg+0x684/0xba0 [ 3.336250] ? __pfx_vcc_sendmsg+0x10/0x10 [ 3.336587] ? __pfx_autoremove_wake_function+0x10/0x10 [ 3.337056] ? fdget+0x176/0x3e0 [ 3.337348] __sys_sendto+0x4a2/0x510 [ 3.337663] ? __pfx___sys_sendto+0x10/0x10 [ 3.337969] ? ioctl_has_perm.constprop.0.isra.0+0x284/0x400 [ 3.338364] ? sock_ioctl+0x1bb/0x5a0 [ 3.338653] ? __rseq_handle_notify_resume+0x825/0xd20 [ 3.339017] ? __pfx_sock_ioctl+0x10/0x10 [ 3.339316] ? __pfx___rseq_handle_notify_resume+0x10/0x10 [ 3.339727] ? selinux_file_ioctl+0xa4/0x260 [ 3.340166] __x64_sys_sendto+0xe0/0x1c0 [ 3.340526] ? syscall_exit_to_user_mode+0x123/0x140 [ 3.340898] do_syscall_64+0xa6/0x1a0 [ 3.341170] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 3.341533] RIP: 0033:0x44a380 [ 3.341757] Code: 0f 1f 84 00 00 00 00 00 66 90 f3 0f 1e fa 41 89 ca 64 8b 04 25 18 00 00 00 85 c00 [ ---truncated---
Severity ?
5.5 (Medium)
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CWE
  • CWE-476 - NULL Pointer Dereference
Assigner
References
Impacted products
Vendor Product Version
Linux Linux Affected: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 , < ab92f51c7f53a08f1a686bfb80690ebb3672357d (git)
Affected: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 , < 1505f9b720656b17865e4166ab002960162bf679 (git)
Affected: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 , < d7f1e4a53a51cc6ba833afcb40439f18dab61c1f (git)
Affected: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 , < 0ef6e49881b6b50ac454cb9d6501d009fdceb6fc (git)
Affected: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 , < 9da6b6340dbcf0f60ae3ec6a7d6438337c32518a (git)
Affected: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 , < 09691f367df44fe93255274d80a439f9bb3263fc (git)
Affected: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 , < 3c23bb2c894e9ef2727682f98c341b20f78c9013 (git)
Affected: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 , < 14c7aca5ba2740973de27c1bb8df77b4dcb6f775 (git)
Affected: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 , < bf2986fcf82a449441f9ee4335df19be19e83970 (git)
Create a notification for this product.
    Linux Linux Affected: 2.6.12
Unaffected: 0 , < 2.6.12 (semver)
Unaffected: 5.4.292 , ≤ 5.4.* (semver)
Unaffected: 5.10.236 , ≤ 5.10.* (semver)
Unaffected: 5.15.180 , ≤ 5.15.* (semver)
Unaffected: 6.1.133 , ≤ 6.1.* (semver)
Unaffected: 6.6.86 , ≤ 6.6.* (semver)
Unaffected: 6.12.22 , ≤ 6.12.* (semver)
Unaffected: 6.13.10 , ≤ 6.13.* (semver)
Unaffected: 6.14.1 , ≤ 6.14.* (semver)
Unaffected: 6.15 , ≤ * (original_commit_for_fix)
Create a notification for this product.
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "LOCAL",
              "availabilityImpact": "HIGH",
              "baseScore": 5.5,
              "baseSeverity": "MEDIUM",
              "confidentialityImpact": "NONE",
              "integrityImpact": "NONE",
              "privilegesRequired": "LOW",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2025-22018",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-10-01T17:06:43.783549Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-476",
                "description": "CWE-476 NULL Pointer Dereference",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-10-01T17:06:46.551Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2025-11-03T19:41:03.748Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/05/msg00045.html"
          },
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/05/msg00030.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "net/atm/mpc.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "ab92f51c7f53a08f1a686bfb80690ebb3672357d",
              "status": "affected",
              "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
              "versionType": "git"
            },
            {
              "lessThan": "1505f9b720656b17865e4166ab002960162bf679",
              "status": "affected",
              "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
              "versionType": "git"
            },
            {
              "lessThan": "d7f1e4a53a51cc6ba833afcb40439f18dab61c1f",
              "status": "affected",
              "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
              "versionType": "git"
            },
            {
              "lessThan": "0ef6e49881b6b50ac454cb9d6501d009fdceb6fc",
              "status": "affected",
              "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
              "versionType": "git"
            },
            {
              "lessThan": "9da6b6340dbcf0f60ae3ec6a7d6438337c32518a",
              "status": "affected",
              "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
              "versionType": "git"
            },
            {
              "lessThan": "09691f367df44fe93255274d80a439f9bb3263fc",
              "status": "affected",
              "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
              "versionType": "git"
            },
            {
              "lessThan": "3c23bb2c894e9ef2727682f98c341b20f78c9013",
              "status": "affected",
              "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
              "versionType": "git"
            },
            {
              "lessThan": "14c7aca5ba2740973de27c1bb8df77b4dcb6f775",
              "status": "affected",
              "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
              "versionType": "git"
            },
            {
              "lessThan": "bf2986fcf82a449441f9ee4335df19be19e83970",
              "status": "affected",
              "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "net/atm/mpc.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "2.6.12"
            },
            {
              "lessThan": "2.6.12",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.4.*",
              "status": "unaffected",
              "version": "5.4.292",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.236",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.180",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.133",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.86",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.12.*",
              "status": "unaffected",
              "version": "6.12.22",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.13.*",
              "status": "unaffected",
              "version": "6.13.10",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.14.*",
              "status": "unaffected",
              "version": "6.14.1",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.15",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.4.292",
                  "versionStartIncluding": "2.6.12",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.236",
                  "versionStartIncluding": "2.6.12",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.180",
                  "versionStartIncluding": "2.6.12",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.133",
                  "versionStartIncluding": "2.6.12",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.86",
                  "versionStartIncluding": "2.6.12",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.12.22",
                  "versionStartIncluding": "2.6.12",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.13.10",
                  "versionStartIncluding": "2.6.12",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.14.1",
                  "versionStartIncluding": "2.6.12",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.15",
                  "versionStartIncluding": "2.6.12",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\natm: Fix NULL pointer dereference\n\nWhen MPOA_cache_impos_rcvd() receives the msg, it can trigger\nNull Pointer Dereference Vulnerability if both entry and\nholding_time are NULL. Because there is only for the situation\nwhere entry is NULL and holding_time exists, it can be passed\nwhen both entry and holding_time are NULL. If these are NULL,\nthe entry will be passd to eg_cache_put() as parameter and\nit is referenced by entry-\u003euse code in it.\n\nkasan log:\n\n[    3.316691] Oops: general protection fault, probably for non-canonical address 0xdffffc0000000006:I\n[    3.317568] KASAN: null-ptr-deref in range [0x0000000000000030-0x0000000000000037]\n[    3.318188] CPU: 3 UID: 0 PID: 79 Comm: ex Not tainted 6.14.0-rc2 #102\n[    3.318601] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.15.0-1 04/01/2014\n[    3.319298] RIP: 0010:eg_cache_remove_entry+0xa5/0x470\n[    3.319677] Code: c1 f7 6e fd 48 c7 c7 00 7e 38 b2 e8 95 64 54 fd 48 c7 c7 40 7e 38 b2 48 89 ee e80\n[    3.321220] RSP: 0018:ffff88800583f8a8 EFLAGS: 00010006\n[    3.321596] RAX: 0000000000000006 RBX: ffff888005989000 RCX: ffffffffaecc2d8e\n[    3.322112] RDX: 0000000000000000 RSI: 0000000000000004 RDI: 0000000000000030\n[    3.322643] RBP: 0000000000000000 R08: 0000000000000000 R09: fffffbfff6558b88\n[    3.323181] R10: 0000000000000003 R11: 203a207972746e65 R12: 1ffff11000b07f15\n[    3.323707] R13: dffffc0000000000 R14: ffff888005989000 R15: ffff888005989068\n[    3.324185] FS:  000000001b6313c0(0000) GS:ffff88806d380000(0000) knlGS:0000000000000000\n[    3.325042] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n[    3.325545] CR2: 00000000004b4b40 CR3: 000000000248e000 CR4: 00000000000006f0\n[    3.326430] Call Trace:\n[    3.326725]  \u003cTASK\u003e\n[    3.326927]  ? die_addr+0x3c/0xa0\n[    3.327330]  ? exc_general_protection+0x161/0x2a0\n[    3.327662]  ? asm_exc_general_protection+0x26/0x30\n[    3.328214]  ? vprintk_emit+0x15e/0x420\n[    3.328543]  ? eg_cache_remove_entry+0xa5/0x470\n[    3.328910]  ? eg_cache_remove_entry+0x9a/0x470\n[    3.329294]  ? __pfx_eg_cache_remove_entry+0x10/0x10\n[    3.329664]  ? console_unlock+0x107/0x1d0\n[    3.329946]  ? __pfx_console_unlock+0x10/0x10\n[    3.330283]  ? do_syscall_64+0xa6/0x1a0\n[    3.330584]  ? entry_SYSCALL_64_after_hwframe+0x47/0x7f\n[    3.331090]  ? __pfx_prb_read_valid+0x10/0x10\n[    3.331395]  ? down_trylock+0x52/0x80\n[    3.331703]  ? vprintk_emit+0x15e/0x420\n[    3.331986]  ? __pfx_vprintk_emit+0x10/0x10\n[    3.332279]  ? down_trylock+0x52/0x80\n[    3.332527]  ? _printk+0xbf/0x100\n[    3.332762]  ? __pfx__printk+0x10/0x10\n[    3.333007]  ? _raw_write_lock_irq+0x81/0xe0\n[    3.333284]  ? __pfx__raw_write_lock_irq+0x10/0x10\n[    3.333614]  msg_from_mpoad+0x1185/0x2750\n[    3.333893]  ? __build_skb_around+0x27b/0x3a0\n[    3.334183]  ? __pfx_msg_from_mpoad+0x10/0x10\n[    3.334501]  ? __alloc_skb+0x1c0/0x310\n[    3.334809]  ? __pfx___alloc_skb+0x10/0x10\n[    3.335283]  ? _raw_spin_lock+0xe0/0xe0\n[    3.335632]  ? finish_wait+0x8d/0x1e0\n[    3.335975]  vcc_sendmsg+0x684/0xba0\n[    3.336250]  ? __pfx_vcc_sendmsg+0x10/0x10\n[    3.336587]  ? __pfx_autoremove_wake_function+0x10/0x10\n[    3.337056]  ? fdget+0x176/0x3e0\n[    3.337348]  __sys_sendto+0x4a2/0x510\n[    3.337663]  ? __pfx___sys_sendto+0x10/0x10\n[    3.337969]  ? ioctl_has_perm.constprop.0.isra.0+0x284/0x400\n[    3.338364]  ? sock_ioctl+0x1bb/0x5a0\n[    3.338653]  ? __rseq_handle_notify_resume+0x825/0xd20\n[    3.339017]  ? __pfx_sock_ioctl+0x10/0x10\n[    3.339316]  ? __pfx___rseq_handle_notify_resume+0x10/0x10\n[    3.339727]  ? selinux_file_ioctl+0xa4/0x260\n[    3.340166]  __x64_sys_sendto+0xe0/0x1c0\n[    3.340526]  ? syscall_exit_to_user_mode+0x123/0x140\n[    3.340898]  do_syscall_64+0xa6/0x1a0\n[    3.341170]  entry_SYSCALL_64_after_hwframe+0x77/0x7f\n[    3.341533] RIP: 0033:0x44a380\n[    3.341757] Code: 0f 1f 84 00 00 00 00 00 66 90 f3 0f 1e fa 41 89 ca 64 8b 04 25 18 00 00 00 85 c00\n[    \n---truncated---"
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-05-26T05:16:40.322Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/ab92f51c7f53a08f1a686bfb80690ebb3672357d"
        },
        {
          "url": "https://git.kernel.org/stable/c/1505f9b720656b17865e4166ab002960162bf679"
        },
        {
          "url": "https://git.kernel.org/stable/c/d7f1e4a53a51cc6ba833afcb40439f18dab61c1f"
        },
        {
          "url": "https://git.kernel.org/stable/c/0ef6e49881b6b50ac454cb9d6501d009fdceb6fc"
        },
        {
          "url": "https://git.kernel.org/stable/c/9da6b6340dbcf0f60ae3ec6a7d6438337c32518a"
        },
        {
          "url": "https://git.kernel.org/stable/c/09691f367df44fe93255274d80a439f9bb3263fc"
        },
        {
          "url": "https://git.kernel.org/stable/c/3c23bb2c894e9ef2727682f98c341b20f78c9013"
        },
        {
          "url": "https://git.kernel.org/stable/c/14c7aca5ba2740973de27c1bb8df77b4dcb6f775"
        },
        {
          "url": "https://git.kernel.org/stable/c/bf2986fcf82a449441f9ee4335df19be19e83970"
        }
      ],
      "title": "atm: Fix NULL pointer dereference",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2025-22018",
    "datePublished": "2025-04-16T05:04:54.697Z",
    "dateReserved": "2024-12-29T08:45:45.806Z",
    "dateUpdated": "2025-11-03T19:41:03.748Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2",
  "vulnerability-lookup:meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2025-22018\",\"sourceIdentifier\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"published\":\"2025-04-16T05:15:31.297\",\"lastModified\":\"2025-11-03T20:17:37.680\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"In the Linux kernel, the following vulnerability has been resolved:\\n\\natm: Fix NULL pointer dereference\\n\\nWhen MPOA_cache_impos_rcvd() receives the msg, it can trigger\\nNull Pointer Dereference Vulnerability if both entry and\\nholding_time are NULL. Because there is only for the situation\\nwhere entry is NULL and holding_time exists, it can be passed\\nwhen both entry and holding_time are NULL. If these are NULL,\\nthe entry will be passd to eg_cache_put() as parameter and\\nit is referenced by entry-\u003euse code in it.\\n\\nkasan log:\\n\\n[    3.316691] Oops: general protection fault, probably for non-canonical address 0xdffffc0000000006:I\\n[    3.317568] KASAN: null-ptr-deref in range [0x0000000000000030-0x0000000000000037]\\n[    3.318188] CPU: 3 UID: 0 PID: 79 Comm: ex Not tainted 6.14.0-rc2 #102\\n[    3.318601] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.15.0-1 04/01/2014\\n[    3.319298] RIP: 0010:eg_cache_remove_entry+0xa5/0x470\\n[    3.319677] Code: c1 f7 6e fd 48 c7 c7 00 7e 38 b2 e8 95 64 54 fd 48 c7 c7 40 7e 38 b2 48 89 ee e80\\n[    3.321220] RSP: 0018:ffff88800583f8a8 EFLAGS: 00010006\\n[    3.321596] RAX: 0000000000000006 RBX: ffff888005989000 RCX: ffffffffaecc2d8e\\n[    3.322112] RDX: 0000000000000000 RSI: 0000000000000004 RDI: 0000000000000030\\n[    3.322643] RBP: 0000000000000000 R08: 0000000000000000 R09: fffffbfff6558b88\\n[    3.323181] R10: 0000000000000003 R11: 203a207972746e65 R12: 1ffff11000b07f15\\n[    3.323707] R13: dffffc0000000000 R14: ffff888005989000 R15: ffff888005989068\\n[    3.324185] FS:  000000001b6313c0(0000) GS:ffff88806d380000(0000) knlGS:0000000000000000\\n[    3.325042] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033\\n[    3.325545] CR2: 00000000004b4b40 CR3: 000000000248e000 CR4: 00000000000006f0\\n[    3.326430] Call Trace:\\n[    3.326725]  \u003cTASK\u003e\\n[    3.326927]  ? die_addr+0x3c/0xa0\\n[    3.327330]  ? exc_general_protection+0x161/0x2a0\\n[    3.327662]  ? asm_exc_general_protection+0x26/0x30\\n[    3.328214]  ? vprintk_emit+0x15e/0x420\\n[    3.328543]  ? eg_cache_remove_entry+0xa5/0x470\\n[    3.328910]  ? eg_cache_remove_entry+0x9a/0x470\\n[    3.329294]  ? __pfx_eg_cache_remove_entry+0x10/0x10\\n[    3.329664]  ? console_unlock+0x107/0x1d0\\n[    3.329946]  ? __pfx_console_unlock+0x10/0x10\\n[    3.330283]  ? do_syscall_64+0xa6/0x1a0\\n[    3.330584]  ? entry_SYSCALL_64_after_hwframe+0x47/0x7f\\n[    3.331090]  ? __pfx_prb_read_valid+0x10/0x10\\n[    3.331395]  ? down_trylock+0x52/0x80\\n[    3.331703]  ? vprintk_emit+0x15e/0x420\\n[    3.331986]  ? __pfx_vprintk_emit+0x10/0x10\\n[    3.332279]  ? down_trylock+0x52/0x80\\n[    3.332527]  ? _printk+0xbf/0x100\\n[    3.332762]  ? __pfx__printk+0x10/0x10\\n[    3.333007]  ? _raw_write_lock_irq+0x81/0xe0\\n[    3.333284]  ? __pfx__raw_write_lock_irq+0x10/0x10\\n[    3.333614]  msg_from_mpoad+0x1185/0x2750\\n[    3.333893]  ? __build_skb_around+0x27b/0x3a0\\n[    3.334183]  ? __pfx_msg_from_mpoad+0x10/0x10\\n[    3.334501]  ? __alloc_skb+0x1c0/0x310\\n[    3.334809]  ? __pfx___alloc_skb+0x10/0x10\\n[    3.335283]  ? _raw_spin_lock+0xe0/0xe0\\n[    3.335632]  ? finish_wait+0x8d/0x1e0\\n[    3.335975]  vcc_sendmsg+0x684/0xba0\\n[    3.336250]  ? __pfx_vcc_sendmsg+0x10/0x10\\n[    3.336587]  ? __pfx_autoremove_wake_function+0x10/0x10\\n[    3.337056]  ? fdget+0x176/0x3e0\\n[    3.337348]  __sys_sendto+0x4a2/0x510\\n[    3.337663]  ? __pfx___sys_sendto+0x10/0x10\\n[    3.337969]  ? ioctl_has_perm.constprop.0.isra.0+0x284/0x400\\n[    3.338364]  ? sock_ioctl+0x1bb/0x5a0\\n[    3.338653]  ? __rseq_handle_notify_resume+0x825/0xd20\\n[    3.339017]  ? __pfx_sock_ioctl+0x10/0x10\\n[    3.339316]  ? __pfx___rseq_handle_notify_resume+0x10/0x10\\n[    3.339727]  ? selinux_file_ioctl+0xa4/0x260\\n[    3.340166]  __x64_sys_sendto+0xe0/0x1c0\\n[    3.340526]  ? syscall_exit_to_user_mode+0x123/0x140\\n[    3.340898]  do_syscall_64+0xa6/0x1a0\\n[    3.341170]  entry_SYSCALL_64_after_hwframe+0x77/0x7f\\n[    3.341533] RIP: 0033:0x44a380\\n[    3.341757] Code: 0f 1f 84 00 00 00 00 00 66 90 f3 0f 1e fa 41 89 ca 64 8b 04 25 18 00 00 00 85 c00\\n[    \\n---truncated---\"},{\"lang\":\"es\",\"value\":\"En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: atm: Correcci\u00f3n de la desreferencia de puntero nulo. Cuando MPOA_cache_impos_rcvd() recibe el mensaje, puede activar la vulnerabilidad de desreferencia de puntero nulo si tanto la entrada como el tiempo de retenci\u00f3n son nulos. Dado que solo existe cuando la entrada es nula y el tiempo de retenci\u00f3n existe, se puede pasar cuando tanto la entrada como el tiempo de retenci\u00f3n son nulos. Si son nulos, la entrada se pasa a eg_cache_put() como par\u00e1metro y se referencia mediante el c\u00f3digo de entrada-\u0026gt;uso. registro de kasan: [3.316691] Ups: fallo de protecci\u00f3n general, probablemente para la direcci\u00f3n no can\u00f3nica 0xdffffc0000000006:I [3.317568] KASAN: null-ptr-deref en el rango [0x0000000000000030-0x0000000000000037] [3.318188] CPU: 3 UID: 0 PID: 79 Comm: ex No contaminado 6.14.0-rc2 #102 [3.318601] Nombre del hardware: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.15.0-1 04/01/2014 [3.319298] RIP: 0010:eg_cache_remove_entry+0xa5/0x470 [ 3.319677] Code: c1 f7 6e fd 48 c7 c7 00 7e 38 b2 e8 95 64 54 fd 48 c7 c7 40 7e 38 b2 48 89 ee e80 [ 3.321220] RSP: 0018:ffff88800583f8a8 EFLAGS: 00010006 [ 3.321596] RAX: 0000000000000006 RBX: ffff888005989000 RCX: ffffffffaecc2d8e [ 3.322112] RDX: 0000000000000000 RSI: 0000000000000004 RDI: 0000000000000030 [ 3.322643] RBP: 0000000000000000 R08: 0000000000000000 R09: fffffbfff6558b88 [ 3.323181] R10: 0000000000000003 R11: 203a207972746e65 R12: 1ffff11000b07f15 [ 3.323707] R13: dffffc0000000000 R14: ffff888005989000 R15: ffff888005989068 [ 3.324185] FS: 000000001b6313c0(0000) GS:ffff88806d380000(0000) knlGS:0000000000000000 [ 3.325042] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 3.325545] CR2: 00000000004b4b40 CR3: 000000000248e000 CR4: 00000000000006f0 [ 3.326430] Call Trace: [ 3.326725]  [ 3.326927] ? die_addr+0x3c/0xa0 [ 3.327330] ? exc_general_protection+0x161/0x2a0 [ 3.327662] ? asm_exc_general_protection+0x26/0x30 [ 3.328214] ? vprintk_emit+0x15e/0x420 [ 3.328543] ? eg_cache_remove_entry+0xa5/0x470 [ 3.328910] ? eg_cache_remove_entry+0x9a/0x470 [ 3.329294] ? __pfx_eg_cache_remove_entry+0x10/0x10 [ 3.329664] ? console_unlock+0x107/0x1d0 [ 3.329946] ? __pfx_console_unlock+0x10/0x10 [ 3.330283] ? do_syscall_64+0xa6/0x1a0 [ 3.330584] ? entry_SYSCALL_64_after_hwframe+0x47/0x7f [ 3.331090] ? __pfx_prb_read_valid+0x10/0x10 [ 3.331395] ? down_trylock+0x52/0x80 [ 3.331703] ? vprintk_emit+0x15e/0x420 [ 3.331986] ? __pfx_vprintk_emit+0x10/0x10 [ 3.332279] ? down_trylock+0x52/0x80 [ 3.332527] ? _printk+0xbf/0x100 [ 3.332762] ? __pfx__printk+0x10/0x10 [ 3.333007] ? _raw_write_lock_irq+0x81/0xe0 [ 3.333284] ? __pfx__raw_write_lock_irq+0x10/0x10 [ 3.333614] msg_from_mpoad+0x1185/0x2750 [ 3.333893] ? __build_skb_around+0x27b/0x3a0 [ 3.334183] ? __pfx_msg_from_mpoad+0x10/0x10 [ 3.334501] ? __alloc_skb+0x1c0/0x310 [ 3.334809] ? __pfx___alloc_skb+0x10/0x10 [ 3.335283] ? _raw_spin_lock+0xe0/0xe0 [ 3.335632] ? finish_wait+0x8d/0x1e0 [ 3.335975] vcc_sendmsg+0x684/0xba0 [ 3.336250] ? __pfx_vcc_sendmsg+0x10/0x10 [ 3.336587] ? __pfx_autoremove_wake_function+0x10/0x10 [ 3.337056] ? fdget+0x176/0x3e0 [ 3.337348] __sys_sendto+0x4a2/0x510 [ 3.337663] ? __pfx___sys_sendto+0x10/0x10 [ 3.337969] ? ioctl_has_perm.constprop.0.isra.0+0x284/0x400 [ 3.338364] ? sock_ioctl+0x1bb/0x5a0 [ 3.338653] ? __rseq_handle_notify_resume+0x825/0xd20 [ 3.339017] ? __pfx_sock_ioctl+0x10/0x10 [ 3.339316] ? __pfx___rseq_handle_notify_resume+0x10/0x10 [ 3.339727] ? selinux_file_ioctl+0xa4/0x260 [ 3.340166] __x64_sys_sendto+0xe0/0x1c0 [ 3.340526] ? syscall_exit_to_user_mode+0x123/0x140 [ 3.340898] do_syscall_64+0xa6/0x1a0 [ 3.341170] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 3.341533] RIP: 0033:0x44a380 [ 3.341757] Code: 0f 1f 84 00 00 00 00 00 66 90 f3 0f 1e fa 41 89 ca 64 8b 04 25 18 00 00 00 85 c00 [ ---truncado---\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H\",\"baseScore\":5.5,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":1.8,\"impactScore\":3.6},{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H\",\"baseScore\":5.5,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":1.8,\"impactScore\":3.6}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-476\"}]},{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-476\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"2.6.12\",\"versionEndExcluding\":\"5.4.292\",\"matchCriteriaId\":\"3699CF82-E5ED-44DF-96D3-26BBAB077202\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"5.5\",\"versionEndExcluding\":\"5.10.236\",\"matchCriteriaId\":\"1DF46FB0-9163-4ABE-8CCA-32A497D4715B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"5.11\",\"versionEndExcluding\":\"5.15.180\",\"matchCriteriaId\":\"D19801C8-3D18-405D-9989-E6C9B30255FA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"5.16\",\"versionEndExcluding\":\"6.1.133\",\"matchCriteriaId\":\"F0054446-3F3B-42C4-BDB3-8FDD29D57F23\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"6.2\",\"versionEndExcluding\":\"6.6.86\",\"matchCriteriaId\":\"5DB427C2-3400-4B39-AC18-49AECE5221B5\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"6.7\",\"versionEndExcluding\":\"6.12.22\",\"matchCriteriaId\":\"9F037D3C-D627-4151-8546-1A2E3C2B38A8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"6.13\",\"versionEndExcluding\":\"6.13.10\",\"matchCriteriaId\":\"E9410CA0-CED8-49BE-9DB4-856654736C32\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"6.14\",\"versionEndExcluding\":\"6.14.1\",\"matchCriteriaId\":\"89BB130A-353E-463E-AC78-62A82184C50A\"}]}]}],\"references\":[{\"url\":\"https://git.kernel.org/stable/c/09691f367df44fe93255274d80a439f9bb3263fc\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/0ef6e49881b6b50ac454cb9d6501d009fdceb6fc\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/14c7aca5ba2740973de27c1bb8df77b4dcb6f775\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/1505f9b720656b17865e4166ab002960162bf679\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/3c23bb2c894e9ef2727682f98c341b20f78c9013\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/9da6b6340dbcf0f60ae3ec6a7d6438337c32518a\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/ab92f51c7f53a08f1a686bfb80690ebb3672357d\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/bf2986fcf82a449441f9ee4335df19be19e83970\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/d7f1e4a53a51cc6ba833afcb40439f18dab61c1f\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2025/05/msg00030.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.debian.org/debian-lts-announce/2025/05/msg00045.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}",
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"https://lists.debian.org/debian-lts-announce/2025/05/msg00045.html\"}, {\"url\": \"https://lists.debian.org/debian-lts-announce/2025/05/msg00030.html\"}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2025-11-03T19:41:03.748Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 5.5, \"attackVector\": \"LOCAL\", \"baseSeverity\": \"MEDIUM\", \"vectorString\": \"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H\", \"integrityImpact\": \"NONE\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"HIGH\", \"privilegesRequired\": \"LOW\", \"confidentialityImpact\": \"NONE\"}}, {\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2025-22018\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2025-10-01T17:06:43.783549Z\"}}}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-476\", \"description\": \"CWE-476 NULL Pointer Dereference\"}]}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-10-01T14:39:58.192Z\"}}], \"cna\": {\"title\": \"atm: Fix NULL pointer dereference\", \"affected\": [{\"repo\": \"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git\", \"vendor\": \"Linux\", \"product\": \"Linux\", \"versions\": [{\"status\": \"affected\", \"version\": \"1da177e4c3f41524e886b7f1b8a0c1fc7321cac2\", \"lessThan\": \"ab92f51c7f53a08f1a686bfb80690ebb3672357d\", \"versionType\": \"git\"}, {\"status\": \"affected\", \"version\": \"1da177e4c3f41524e886b7f1b8a0c1fc7321cac2\", \"lessThan\": \"1505f9b720656b17865e4166ab002960162bf679\", \"versionType\": \"git\"}, {\"status\": \"affected\", \"version\": \"1da177e4c3f41524e886b7f1b8a0c1fc7321cac2\", \"lessThan\": \"d7f1e4a53a51cc6ba833afcb40439f18dab61c1f\", \"versionType\": \"git\"}, {\"status\": \"affected\", \"version\": \"1da177e4c3f41524e886b7f1b8a0c1fc7321cac2\", \"lessThan\": \"0ef6e49881b6b50ac454cb9d6501d009fdceb6fc\", \"versionType\": \"git\"}, {\"status\": \"affected\", \"version\": \"1da177e4c3f41524e886b7f1b8a0c1fc7321cac2\", \"lessThan\": \"9da6b6340dbcf0f60ae3ec6a7d6438337c32518a\", \"versionType\": \"git\"}, {\"status\": \"affected\", \"version\": \"1da177e4c3f41524e886b7f1b8a0c1fc7321cac2\", \"lessThan\": \"09691f367df44fe93255274d80a439f9bb3263fc\", \"versionType\": \"git\"}, {\"status\": \"affected\", \"version\": \"1da177e4c3f41524e886b7f1b8a0c1fc7321cac2\", \"lessThan\": \"3c23bb2c894e9ef2727682f98c341b20f78c9013\", \"versionType\": \"git\"}, {\"status\": \"affected\", \"version\": \"1da177e4c3f41524e886b7f1b8a0c1fc7321cac2\", \"lessThan\": \"14c7aca5ba2740973de27c1bb8df77b4dcb6f775\", \"versionType\": \"git\"}, {\"status\": \"affected\", \"version\": \"1da177e4c3f41524e886b7f1b8a0c1fc7321cac2\", \"lessThan\": \"bf2986fcf82a449441f9ee4335df19be19e83970\", \"versionType\": \"git\"}], \"programFiles\": [\"net/atm/mpc.c\"], \"defaultStatus\": \"unaffected\"}, {\"repo\": \"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git\", \"vendor\": \"Linux\", \"product\": \"Linux\", \"versions\": [{\"status\": \"affected\", \"version\": \"2.6.12\"}, {\"status\": \"unaffected\", \"version\": \"0\", \"lessThan\": \"2.6.12\", \"versionType\": \"semver\"}, {\"status\": \"unaffected\", \"version\": \"5.4.292\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"5.4.*\"}, {\"status\": \"unaffected\", \"version\": \"5.10.236\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"5.10.*\"}, {\"status\": \"unaffected\", \"version\": \"5.15.180\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"5.15.*\"}, {\"status\": \"unaffected\", \"version\": \"6.1.133\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"6.1.*\"}, {\"status\": \"unaffected\", \"version\": \"6.6.86\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"6.6.*\"}, {\"status\": \"unaffected\", \"version\": \"6.12.22\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"6.12.*\"}, {\"status\": \"unaffected\", \"version\": \"6.13.10\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"6.13.*\"}, {\"status\": \"unaffected\", \"version\": \"6.14.1\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"6.14.*\"}, {\"status\": \"unaffected\", \"version\": \"6.15\", \"versionType\": \"original_commit_for_fix\", \"lessThanOrEqual\": \"*\"}], \"programFiles\": [\"net/atm/mpc.c\"], \"defaultStatus\": \"affected\"}], \"references\": [{\"url\": \"https://git.kernel.org/stable/c/ab92f51c7f53a08f1a686bfb80690ebb3672357d\"}, {\"url\": \"https://git.kernel.org/stable/c/1505f9b720656b17865e4166ab002960162bf679\"}, {\"url\": \"https://git.kernel.org/stable/c/d7f1e4a53a51cc6ba833afcb40439f18dab61c1f\"}, {\"url\": \"https://git.kernel.org/stable/c/0ef6e49881b6b50ac454cb9d6501d009fdceb6fc\"}, {\"url\": \"https://git.kernel.org/stable/c/9da6b6340dbcf0f60ae3ec6a7d6438337c32518a\"}, {\"url\": \"https://git.kernel.org/stable/c/09691f367df44fe93255274d80a439f9bb3263fc\"}, {\"url\": \"https://git.kernel.org/stable/c/3c23bb2c894e9ef2727682f98c341b20f78c9013\"}, {\"url\": \"https://git.kernel.org/stable/c/14c7aca5ba2740973de27c1bb8df77b4dcb6f775\"}, {\"url\": \"https://git.kernel.org/stable/c/bf2986fcf82a449441f9ee4335df19be19e83970\"}], \"x_generator\": {\"engine\": \"bippy-1.2.0\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"In the Linux kernel, the following vulnerability has been resolved:\\n\\natm: Fix NULL pointer dereference\\n\\nWhen MPOA_cache_impos_rcvd() receives the msg, it can trigger\\nNull Pointer Dereference Vulnerability if both entry and\\nholding_time are NULL. Because there is only for the situation\\nwhere entry is NULL and holding_time exists, it can be passed\\nwhen both entry and holding_time are NULL. If these are NULL,\\nthe entry will be passd to eg_cache_put() as parameter and\\nit is referenced by entry-\u003euse code in it.\\n\\nkasan log:\\n\\n[    3.316691] Oops: general protection fault, probably for non-canonical address 0xdffffc0000000006:I\\n[    3.317568] KASAN: null-ptr-deref in range [0x0000000000000030-0x0000000000000037]\\n[    3.318188] CPU: 3 UID: 0 PID: 79 Comm: ex Not tainted 6.14.0-rc2 #102\\n[    3.318601] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.15.0-1 04/01/2014\\n[    3.319298] RIP: 0010:eg_cache_remove_entry+0xa5/0x470\\n[    3.319677] Code: c1 f7 6e fd 48 c7 c7 00 7e 38 b2 e8 95 64 54 fd 48 c7 c7 40 7e 38 b2 48 89 ee e80\\n[    3.321220] RSP: 0018:ffff88800583f8a8 EFLAGS: 00010006\\n[    3.321596] RAX: 0000000000000006 RBX: ffff888005989000 RCX: ffffffffaecc2d8e\\n[    3.322112] RDX: 0000000000000000 RSI: 0000000000000004 RDI: 0000000000000030\\n[    3.322643] RBP: 0000000000000000 R08: 0000000000000000 R09: fffffbfff6558b88\\n[    3.323181] R10: 0000000000000003 R11: 203a207972746e65 R12: 1ffff11000b07f15\\n[    3.323707] R13: dffffc0000000000 R14: ffff888005989000 R15: ffff888005989068\\n[    3.324185] FS:  000000001b6313c0(0000) GS:ffff88806d380000(0000) knlGS:0000000000000000\\n[    3.325042] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033\\n[    3.325545] CR2: 00000000004b4b40 CR3: 000000000248e000 CR4: 00000000000006f0\\n[    3.326430] Call Trace:\\n[    3.326725]  \u003cTASK\u003e\\n[    3.326927]  ? die_addr+0x3c/0xa0\\n[    3.327330]  ? exc_general_protection+0x161/0x2a0\\n[    3.327662]  ? asm_exc_general_protection+0x26/0x30\\n[    3.328214]  ? vprintk_emit+0x15e/0x420\\n[    3.328543]  ? eg_cache_remove_entry+0xa5/0x470\\n[    3.328910]  ? eg_cache_remove_entry+0x9a/0x470\\n[    3.329294]  ? __pfx_eg_cache_remove_entry+0x10/0x10\\n[    3.329664]  ? console_unlock+0x107/0x1d0\\n[    3.329946]  ? __pfx_console_unlock+0x10/0x10\\n[    3.330283]  ? do_syscall_64+0xa6/0x1a0\\n[    3.330584]  ? entry_SYSCALL_64_after_hwframe+0x47/0x7f\\n[    3.331090]  ? __pfx_prb_read_valid+0x10/0x10\\n[    3.331395]  ? down_trylock+0x52/0x80\\n[    3.331703]  ? vprintk_emit+0x15e/0x420\\n[    3.331986]  ? __pfx_vprintk_emit+0x10/0x10\\n[    3.332279]  ? down_trylock+0x52/0x80\\n[    3.332527]  ? _printk+0xbf/0x100\\n[    3.332762]  ? __pfx__printk+0x10/0x10\\n[    3.333007]  ? _raw_write_lock_irq+0x81/0xe0\\n[    3.333284]  ? __pfx__raw_write_lock_irq+0x10/0x10\\n[    3.333614]  msg_from_mpoad+0x1185/0x2750\\n[    3.333893]  ? __build_skb_around+0x27b/0x3a0\\n[    3.334183]  ? __pfx_msg_from_mpoad+0x10/0x10\\n[    3.334501]  ? __alloc_skb+0x1c0/0x310\\n[    3.334809]  ? __pfx___alloc_skb+0x10/0x10\\n[    3.335283]  ? _raw_spin_lock+0xe0/0xe0\\n[    3.335632]  ? finish_wait+0x8d/0x1e0\\n[    3.335975]  vcc_sendmsg+0x684/0xba0\\n[    3.336250]  ? __pfx_vcc_sendmsg+0x10/0x10\\n[    3.336587]  ? __pfx_autoremove_wake_function+0x10/0x10\\n[    3.337056]  ? fdget+0x176/0x3e0\\n[    3.337348]  __sys_sendto+0x4a2/0x510\\n[    3.337663]  ? __pfx___sys_sendto+0x10/0x10\\n[    3.337969]  ? ioctl_has_perm.constprop.0.isra.0+0x284/0x400\\n[    3.338364]  ? sock_ioctl+0x1bb/0x5a0\\n[    3.338653]  ? __rseq_handle_notify_resume+0x825/0xd20\\n[    3.339017]  ? __pfx_sock_ioctl+0x10/0x10\\n[    3.339316]  ? __pfx___rseq_handle_notify_resume+0x10/0x10\\n[    3.339727]  ? selinux_file_ioctl+0xa4/0x260\\n[    3.340166]  __x64_sys_sendto+0xe0/0x1c0\\n[    3.340526]  ? syscall_exit_to_user_mode+0x123/0x140\\n[    3.340898]  do_syscall_64+0xa6/0x1a0\\n[    3.341170]  entry_SYSCALL_64_after_hwframe+0x77/0x7f\\n[    3.341533] RIP: 0033:0x44a380\\n[    3.341757] Code: 0f 1f 84 00 00 00 00 00 66 90 f3 0f 1e fa 41 89 ca 64 8b 04 25 18 00 00 00 85 c00\\n[    \\n---truncated---\"}], \"cpeApplicability\": [{\"nodes\": [{\"negate\": false, \"cpeMatch\": [{\"criteria\": \"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\", \"vulnerable\": true, \"versionEndExcluding\": \"5.4.292\", \"versionStartIncluding\": \"2.6.12\"}, {\"criteria\": \"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\", \"vulnerable\": true, \"versionEndExcluding\": \"5.10.236\", \"versionStartIncluding\": \"2.6.12\"}, {\"criteria\": \"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\", \"vulnerable\": true, \"versionEndExcluding\": \"5.15.180\", \"versionStartIncluding\": \"2.6.12\"}, {\"criteria\": \"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\", \"vulnerable\": true, \"versionEndExcluding\": \"6.1.133\", \"versionStartIncluding\": \"2.6.12\"}, {\"criteria\": \"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\", \"vulnerable\": true, \"versionEndExcluding\": \"6.6.86\", \"versionStartIncluding\": \"2.6.12\"}, {\"criteria\": \"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\", \"vulnerable\": true, \"versionEndExcluding\": \"6.12.22\", \"versionStartIncluding\": \"2.6.12\"}, {\"criteria\": \"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\", \"vulnerable\": true, \"versionEndExcluding\": \"6.13.10\", \"versionStartIncluding\": \"2.6.12\"}, {\"criteria\": \"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\", \"vulnerable\": true, \"versionEndExcluding\": \"6.14.1\", \"versionStartIncluding\": \"2.6.12\"}, {\"criteria\": \"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\", \"vulnerable\": true, \"versionEndExcluding\": \"6.15\", \"versionStartIncluding\": \"2.6.12\"}], \"operator\": \"OR\"}]}], \"providerMetadata\": {\"orgId\": \"416baaa9-dc9f-4396-8d5f-8c081fb06d67\", \"shortName\": \"Linux\", \"dateUpdated\": \"2025-05-26T05:16:40.322Z\"}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2025-22018\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-11-03T19:41:03.748Z\", \"dateReserved\": \"2024-12-29T08:45:45.806Z\", \"assignerOrgId\": \"416baaa9-dc9f-4396-8d5f-8c081fb06d67\", \"datePublished\": \"2025-04-16T05:04:54.697Z\", \"assignerShortName\": \"Linux\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.