Google Git
Sign in
kernel / pub / scm / linux / security / vulns / refs/heads/sasha-vulnerable / . / cve / published / 2025 / CVE-2025-22018.json
blob: c885829f561df1dfb7f42f290494d00559ae3394 [file] [log] [blame]
{
"containers": {
"cna": {
"providerMetadata": {
"orgId": "f4215fc3-5b6b-47ff-a258-f7189bd81038"
},
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\natm: Fix NULL pointer dereference\n\nWhen MPOA_cache_impos_rcvd() receives the msg, it can trigger\nNull Pointer Dereference Vulnerability if both entry and\nholding_time are NULL. Because there is only for the situation\nwhere entry is NULL and holding_time exists, it can be passed\nwhen both entry and holding_time are NULL. If these are NULL,\nthe entry will be passd to eg_cache_put() as parameter and\nit is referenced by entry->use code in it.\n\nkasan log:\n\n[ 3.316691] Oops: general protection fault, probably for non-canonical address 0xdffffc0000000006:I\n[ 3.317568] KASAN: null-ptr-deref in range [0x0000000000000030-0x0000000000000037]\n[ 3.318188] CPU: 3 UID: 0 PID: 79 Comm: ex Not tainted 6.14.0-rc2 #102\n[ 3.318601] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.15.0-1 04/01/2014\n[ 3.319298] RIP: 0010:eg_cache_remove_entry+0xa5/0x470\n[ 3.319677] Code: c1 f7 6e fd 48 c7 c7 00 7e 38 b2 e8 95 64 54 fd 48 c7 c7 40 7e 38 b2 48 89 ee e80\n[ 3.321220] RSP: 0018:ffff88800583f8a8 EFLAGS: 00010006\n[ 3.321596] RAX: 0000000000000006 RBX: ffff888005989000 RCX: ffffffffaecc2d8e\n[ 3.322112] RDX: 0000000000000000 RSI: 0000000000000004 RDI: 0000000000000030\n[ 3.322643] RBP: 0000000000000000 R08: 0000000000000000 R09: fffffbfff6558b88\n[ 3.323181] R10: 0000000000000003 R11: 203a207972746e65 R12: 1ffff11000b07f15\n[ 3.323707] R13: dffffc0000000000 R14: ffff888005989000 R15: ffff888005989068\n[ 3.324185] FS: 000000001b6313c0(0000) GS:ffff88806d380000(0000) knlGS:0000000000000000\n[ 3.325042] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n[ 3.325545] CR2: 00000000004b4b40 CR3: 000000000248e000 CR4: 00000000000006f0\n[ 3.326430] Call Trace:\n[ 3.326725] <TASK>\n[ 3.326927] ? die_addr+0x3c/0xa0\n[ 3.327330] ? exc_general_protection+0x161/0x2a0\n[ 3.327662] ? asm_exc_general_protection+0x26/0x30\n[ 3.328214] ? vprintk_emit+0x15e/0x420\n[ 3.328543] ? eg_cache_remove_entry+0xa5/0x470\n[ 3.328910] ? eg_cache_remove_entry+0x9a/0x470\n[ 3.329294] ? __pfx_eg_cache_remove_entry+0x10/0x10\n[ 3.329664] ? console_unlock+0x107/0x1d0\n[ 3.329946] ? __pfx_console_unlock+0x10/0x10\n[ 3.330283] ? do_syscall_64+0xa6/0x1a0\n[ 3.330584] ? entry_SYSCALL_64_after_hwframe+0x47/0x7f\n[ 3.331090] ? __pfx_prb_read_valid+0x10/0x10\n[ 3.331395] ? down_trylock+0x52/0x80\n[ 3.331703] ? vprintk_emit+0x15e/0x420\n[ 3.331986] ? __pfx_vprintk_emit+0x10/0x10\n[ 3.332279] ? down_trylock+0x52/0x80\n[ 3.332527] ? _printk+0xbf/0x100\n[ 3.332762] ? __pfx__printk+0x10/0x10\n[ 3.333007] ? _raw_write_lock_irq+0x81/0xe0\n[ 3.333284] ? __pfx__raw_write_lock_irq+0x10/0x10\n[ 3.333614] msg_from_mpoad+0x1185/0x2750\n[ 3.333893] ? __build_skb_around+0x27b/0x3a0\n[ 3.334183] ? __pfx_msg_from_mpoad+0x10/0x10\n[ 3.334501] ? __alloc_skb+0x1c0/0x310\n[ 3.334809] ? __pfx___alloc_skb+0x10/0x10\n[ 3.335283] ? _raw_spin_lock+0xe0/0xe0\n[ 3.335632] ? finish_wait+0x8d/0x1e0\n[ 3.335975] vcc_sendmsg+0x684/0xba0\n[ 3.336250] ? __pfx_vcc_sendmsg+0x10/0x10\n[ 3.336587] ? __pfx_autoremove_wake_function+0x10/0x10\n[ 3.337056] ? fdget+0x176/0x3e0\n[ 3.337348] __sys_sendto+0x4a2/0x510\n[ 3.337663] ? __pfx___sys_sendto+0x10/0x10\n[ 3.337969] ? ioctl_has_perm.constprop.0.isra.0+0x284/0x400\n[ 3.338364] ? sock_ioctl+0x1bb/0x5a0\n[ 3.338653] ? __rseq_handle_notify_resume+0x825/0xd20\n[ 3.339017] ? __pfx_sock_ioctl+0x10/0x10\n[ 3.339316] ? __pfx___rseq_handle_notify_resume+0x10/0x10\n[ 3.339727] ? selinux_file_ioctl+0xa4/0x260\n[ 3.340166] __x64_sys_sendto+0xe0/0x1c0\n[ 3.340526] ? syscall_exit_to_user_mode+0x123/0x140\n[ 3.340898] do_syscall_64+0xa6/0x1a0\n[ 3.341170] entry_SYSCALL_64_after_hwframe+0x77/0x7f\n[ 3.341533] RIP: 0033:0x44a380\n[ 3.341757] Code: 0f 1f 84 00 00 00 00 00 66 90 f3 0f 1e fa 41 89 ca 64 8b 04 25 18 00 00 00 85 c00\n[ \n---truncated---"
}
],
"affected": [
{
"product": "Linux",
"vendor": "Linux",
"defaultStatus": "unaffected",
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"programFiles": [
"net/atm/mpc.c"
],
"versions": [
{
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"lessThan": "ab92f51c7f53a08f1a686bfb80690ebb3672357d",
"status": "affected",
"versionType": "git"
},
{
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"lessThan": "1505f9b720656b17865e4166ab002960162bf679",
"status": "affected",
"versionType": "git"
},
{
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"lessThan": "d7f1e4a53a51cc6ba833afcb40439f18dab61c1f",
"status": "affected",
"versionType": "git"
},
{
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"lessThan": "0ef6e49881b6b50ac454cb9d6501d009fdceb6fc",
"status": "affected",
"versionType": "git"
},
{
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"lessThan": "9da6b6340dbcf0f60ae3ec6a7d6438337c32518a",
"status": "affected",
"versionType": "git"
},
{
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"lessThan": "09691f367df44fe93255274d80a439f9bb3263fc",
"status": "affected",
"versionType": "git"
},
{
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"lessThan": "3c23bb2c894e9ef2727682f98c341b20f78c9013",
"status": "affected",
"versionType": "git"
},
{
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"lessThan": "14c7aca5ba2740973de27c1bb8df77b4dcb6f775",
"status": "affected",
"versionType": "git"
},
{
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"lessThan": "bf2986fcf82a449441f9ee4335df19be19e83970",
"status": "affected",
"versionType": "git"
}
]
},
{
"product": "Linux",
"vendor": "Linux",
"defaultStatus": "affected",
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"programFiles": [
"net/atm/mpc.c"
],
"versions": [
{
"version": "2.6.12",
"status": "affected"
},
{
"version": "0",
"lessThan": "2.6.12",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "5.4.292",
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "5.10.236",
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "5.15.180",
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.1.133",
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.6.86",
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.12.22",
"lessThanOrEqual": "6.12.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.13.10",
"lessThanOrEqual": "6.13.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.14.1",
"lessThanOrEqual": "6.14.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.15",
"lessThanOrEqual": "*",
"status": "unaffected",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "2.6.12",
"versionEndExcluding": "5.4.292"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "2.6.12",
"versionEndExcluding": "5.10.236"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "2.6.12",
"versionEndExcluding": "5.15.180"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "2.6.12",
"versionEndExcluding": "6.1.133"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "2.6.12",
"versionEndExcluding": "6.6.86"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "2.6.12",
"versionEndExcluding": "6.12.22"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "2.6.12",
"versionEndExcluding": "6.13.10"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "2.6.12",
"versionEndExcluding": "6.14.1"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "2.6.12",
"versionEndExcluding": "6.15"
}
]
}
]
}
],
"references": [
{
"url": "https://git.kernel.org/stable/c/ab92f51c7f53a08f1a686bfb80690ebb3672357d"
},
{
"url": "https://git.kernel.org/stable/c/1505f9b720656b17865e4166ab002960162bf679"
},
{
"url": "https://git.kernel.org/stable/c/d7f1e4a53a51cc6ba833afcb40439f18dab61c1f"
},
{
"url": "https://git.kernel.org/stable/c/0ef6e49881b6b50ac454cb9d6501d009fdceb6fc"
},
{
"url": "https://git.kernel.org/stable/c/9da6b6340dbcf0f60ae3ec6a7d6438337c32518a"
},
{
"url": "https://git.kernel.org/stable/c/09691f367df44fe93255274d80a439f9bb3263fc"
},
{
"url": "https://git.kernel.org/stable/c/3c23bb2c894e9ef2727682f98c341b20f78c9013"
},
{
"url": "https://git.kernel.org/stable/c/14c7aca5ba2740973de27c1bb8df77b4dcb6f775"
},
{
"url": "https://git.kernel.org/stable/c/bf2986fcf82a449441f9ee4335df19be19e83970"
}
],
"title": "atm: Fix NULL pointer dereference",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "f4215fc3-5b6b-47ff-a258-f7189bd81038",
"cveID": "CVE-2025-22018",
"requesterUserId": "gregkh@kernel.org",
"serial": "1",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.0"
}