[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"repo-stars":3,"vuln-DEBIAN-CVE-2025-38459":6},{"stargazers_count":4,"fetched_at":5},7,"2026-06-04T14:53:31.930Z",{"id":7,"descriptions":8,"cisa":9,"weaknesses":10,"exploits":11,"aliases":12,"duplicate_of":9,"upstream":13,"downstream":16,"duplicates":25,"related":26,"reserved_at":9,"published_at":27,"modified_at":28,"state":9,"summary":29,"references_raw":31,"kevs":38,"epss":9,"epss_history":39,"metrics":40,"affected":47},"DEBIAN-CVE-2025-38459","In the Linux kernel, the following vulnerability has been resolved:  atm: clip: Fix infinite recursive call of clip_push().  syzbot reported the splat below. [0]  This happens if we call ioctl(ATMARP_MKIP) more than once.  During the first call, clip_mkip() sets clip_push() to vcc->push(), and the second call copies it to clip_vcc->old_push().  Later, when the socket is close()d, vcc_destroy_socket() passes NULL skb to clip_push(), which calls clip_vcc->old_push(), triggering the infinite recursion.  Let's prevent the second ioctl(ATMARP_MKIP) by checking vcc->user_back, which is allocated by the first call as clip_vcc.  Note also that we use lock_sock() to prevent racy calls.  [0]: BUG: TASK stack guard page was hit at ffffc9000d66fff8 (stack is ffffc9000d670000..ffffc9000d678000) Oops: stack guard page: 0000 [#1] SMP KASAN NOPTI CPU: 0 UID: 0 PID: 5322 Comm: syz.0.0 Not tainted 6.16.0-rc4-syzkaller #0 PREEMPT(full) Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 RIP: 0010:clip_push+0x5/0x720 net/atm/clip.c:191 Code: e0 8f aa 8c e8 1c ad 5b fa eb ae 66 2e 0f 1f 84 00 00 00 00 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 f3 0f 1e fa 55 \u003C41> 57 41 56 41 55 41 54 53 48 83 ec 20 48 89 f3 49 89 fd 48 bd 00 RSP: 0018:ffffc9000d670000 EFLAGS: 00010246 RAX: 1ffff1100235a4a5 RBX: ffff888011ad2508 RCX: ffff8880003c0000 RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffff888037f01000 RBP: dffffc0000000000 R08: ffffffff8fa104f7 R09: 1ffffffff1f4209e R10: dffffc0000000000 R11: ffffffff8a99b300 R12: ffffffff8a99b300 R13: ffff888037f01000 R14: ffff888011ad2500 R15: ffff888037f01578 FS:  000055557ab6d500(0000) GS:ffff88808d250000(0000) knlGS:0000000000000000 CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: ffffc9000d66fff8 CR3: 0000000043172000 CR4: 0000000000352ef0 Call Trace:  \u003CTASK>  clip_push+0x6dc/0x720 net/atm/clip.c:200  clip_push+0x6dc/0x720 net/atm/clip.c:200  clip_push+0x6dc/0x720 net/atm/clip.c:200 ...  clip_push+0x6dc/0x720 net/atm/clip.c:200  clip_push+0x6dc/0x720 net/atm/clip.c:200  clip_push+0x6dc/0x720 net/atm/clip.c:200  vcc_destroy_socket net/atm/common.c:183 [inline]  vcc_release+0x157/0x460 net/atm/common.c:205  __sock_release net/socket.c:647 [inline]  sock_close+0xc0/0x240 net/socket.c:1391  __fput+0x449/0xa70 fs/file_table.c:465  task_work_run+0x1d1/0x260 kernel/task_work.c:227  resume_user_mode_work include/linux/resume_user_mode.h:50 [inline]  exit_to_user_mode_loop+0xec/0x110 kernel/entry/common.c:114  exit_to_user_mode_prepare include/linux/entry-common.h:330 [inline]  syscall_exit_to_user_mode_work include/linux/entry-common.h:414 [inline]  syscall_exit_to_user_mode include/linux/entry-common.h:449 [inline]  do_syscall_64+0x2bd/0x3b0 arch/x86/entry/syscall_64.c:100  entry_SYSCALL_64_after_hwframe+0x77/0x7f RIP: 0033:0x7ff31c98e929 Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 \u003C48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 RSP: 002b:00007fffb5aa1f78 EFLAGS: 00000246 ORIG_RAX: 00000000000001b4 RAX: 0000000000000000 RBX: 0000000000012747 RCX: 00007ff31c98e929 RDX: 0000000000000000 RSI: 000000000000001e RDI: 0000000000000003 RBP: 00007ff31cbb7ba0 R08: 0000000000000001 R09: 0000000db5aa226f R10: 00007ff31c7ff030 R11: 0000000000000246 R12: 00007ff31cbb608c R13: 00007ff31cbb6080 R14: ffffffffffffffff R15: 00007fffb5aa2090  \u003C/TASK> Modules linked in:",null,[],[],[],[14],{"_key":15},"CVE-2025-38459",[17,19,21,23],{"_key":18},"DLA-4327-1",{"_key":20},"DLA-4328-1",{"_key":22},"DSA-5973-1",{"_key":24},"DSA-5975-1",[],[],"2025-07-25T16:15:31.660Z","2026-04-28T20:29:58.666421Z",{"cisa_kev":30,"cisa_ransomware":30,"cisa_vendor":9,"epss_severity":9,"epss_score":9,"severity":9,"severity_score":9,"severity_version":9,"severity_source":9,"severity_vector":9,"severity_status":9},false,[32],{"url":33,"sources":34,"tags":36},"https://security-tracker.debian.org/tracker/CVE-2025-38459",[35],"osv_debian",[37],"Advisory",[],[],[41],{"source":35,"cvss_v2_0":9,"cvss_v3_0":9,"cvss_v3_1":42,"cvss_v4_0":9},{"baseScore":43,"baseSeverity":9,"vectorString":44,"impactScore":45,"exploitabilityScore":46},7.8,"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",9.8,4.6,[48,69],{"ecosystem":49,"name":50,"vendor":51,"product":50,"cpe_part":9,"purl_type":52,"purl_namespace":51,"purl_name":50,"source":9,"versions":53},"Debian","linux","debian","deb",[54,60,63,66],{"version":55,"is_range":56,"range_type":57,"version_start":9,"version_start_type":9,"version_end":58,"version_end_type":59,"fixed_in":9},"lt5_10_244_1",true,"ecosystem","5.10.244-1","excluding",{"version":61,"is_range":56,"range_type":57,"version_start":9,"version_start_type":9,"version_end":62,"version_end_type":59,"fixed_in":9},"lt6_1_147_1","6.1.147-1",{"version":64,"is_range":56,"range_type":57,"version_start":9,"version_start_type":9,"version_end":65,"version_end_type":59,"fixed_in":9},"lt6_12_41_1","6.12.41-1",{"version":67,"is_range":56,"range_type":57,"version_start":9,"version_start_type":9,"version_end":68,"version_end_type":59,"fixed_in":9},"lt6_16_3_1","6.16.3-1",{"ecosystem":49,"name":70,"vendor":51,"product":70,"cpe_part":9,"purl_type":52,"purl_namespace":51,"purl_name":70,"source":9,"versions":71},"linux-6.1",[72],{"version":73,"is_range":56,"range_type":57,"version_start":9,"version_start_type":9,"version_end":74,"version_end_type":59,"fixed_in":9},"lt6_1_153_1~deb11u1","6.1.153-1~deb11u1"]