#VU107728 NULL pointer dereference in Linux kernel - CVE-2025-22018
Published: April 22, 2025 / Updated: May 10, 2025
Vulnerability identifier: #VU107728
Vulnerability risk: Low
CVSSv4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2025-22018
CWE-ID: CWE-476
Exploitation vector: Local access
Exploit availability:
No public exploit available
Vulnerable software:
Linux kernel
Linux kernel
Software vendor:
Linux Foundation
Linux Foundation
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the MPOA_cache_impos_rcvd() function in net/atm/mpc.c. A local user can perform a denial of service (DoS) attack.
Remediation
Install update from vendor's website.
External links
- https://git.kernel.org/stable/c/09691f367df44fe93255274d80a439f9bb3263fc
- https://git.kernel.org/stable/c/0ef6e49881b6b50ac454cb9d6501d009fdceb6fc
- https://git.kernel.org/stable/c/14c7aca5ba2740973de27c1bb8df77b4dcb6f775
- https://git.kernel.org/stable/c/1505f9b720656b17865e4166ab002960162bf679
- https://git.kernel.org/stable/c/3c23bb2c894e9ef2727682f98c341b20f78c9013
- https://git.kernel.org/stable/c/9da6b6340dbcf0f60ae3ec6a7d6438337c32518a
- https://git.kernel.org/stable/c/ab92f51c7f53a08f1a686bfb80690ebb3672357d
- https://git.kernel.org/stable/c/bf2986fcf82a449441f9ee4335df19be19e83970
- https://git.kernel.org/stable/c/d7f1e4a53a51cc6ba833afcb40439f18dab61c1f
- https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.15.180