CVE-2025-38542

MEDIUM EPSS 4.4%
Published Aug 16, 202510mo ago · Modified Jun 17, 20262w ago
5.5 CVSS 3.1
Medium
Find Similar
Published Aug 16, 2025 10mo ago
Last Modified Jun 17, 2026 2w ago

Description

In the Linux kernel, the following vulnerability has been resolved: net: appletalk: Fix device refcount leak in atrtr_create() When updating an existing route entry in atrtr_create(), the old device reference was not being released before assigning the new device, leading to a device refcount leak. Fix this by calling dev_put() to release the old device reference before holding the new one.

CVSS Details

Base Score
5.5
Exploitability
1.8
Impact
3.6
Vector string
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Attack Vector Local
Attack Complexity Low
Privileges Required Low
User Interaction None
Scope Unchanged
Confidentiality None
Integrity None
Availability High

Threat Intelligence

EPSS Exploit Probability
4.4% percentile
Exploit & Patch Status
No Known Exploit
Patch Available

Affected Products 17

VendorProductVersionRange
linuxlinux_kernel*≥2.6.13  –  <5.4.296
linuxlinux_kernel*≥5.5  –  <5.10.240
linuxlinux_kernel*≥5.11  –  <5.15.189
linuxlinux_kernel*≥5.16  –  <6.1.146
linuxlinux_kernel*≥6.2  –  <6.6.99
linuxlinux_kernel*≥6.7  –  <6.12.39
linuxlinux_kernel*≥6.13  –  <6.15.7
linuxlinux_kernel2.6.12any
linuxlinux_kernel2.6.12any
linuxlinux_kernel2.6.12any
linuxlinux_kernel2.6.12any
linuxlinux_kernel6.16any
linuxlinux_kernel6.16any
linuxlinux_kernel6.16any
linuxlinux_kernel6.16any
linuxlinux_kernel6.16any
debiandebian_linux11.0any

References 10

  • git.kernel.org https://git.kernel.org/stable/c/473f3eadfc73b0fb6d8dee5829d19a5772e387f7
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/4a17370da6e476d3d275534e9e9cd2d02c57ca46
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/64124cf0aab0dd1e18c0fb5ae66e45741e727f8b
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/711c80f7d8b163d3ecd463cd96f07230f488e750
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/a7852b01793669248dce0348d14df89e77a32afd
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/b2f5dfa87367fdce9f8b995bc6c38f64f9ea2c90
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/b92bedf71f25303e203a4e657489d76691a58119
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/d2e9f50f0bdad73b64a871f25186b899624518c4
    Patch
  • lists.debian.org https://lists.debian.org/debian-lts-announce/2025/10/msg00007.html
    Mailing ListThird Party Advisory
  • lists.debian.org https://lists.debian.org/debian-lts-announce/2025/10/msg00008.html
    Mailing ListThird Party Advisory

Remediation

  • git.kernel.org https://git.kernel.org/stable/c/473f3eadfc73b0fb6d8dee5829d19a5772e387f7
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/4a17370da6e476d3d275534e9e9cd2d02c57ca46
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/64124cf0aab0dd1e18c0fb5ae66e45741e727f8b
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/711c80f7d8b163d3ecd463cd96f07230f488e750
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/a7852b01793669248dce0348d14df89e77a32afd
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/b2f5dfa87367fdce9f8b995bc6c38f64f9ea2c90
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/b92bedf71f25303e203a4e657489d76691a58119
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/d2e9f50f0bdad73b64a871f25186b899624518c4
    Patch