CVE-2025-38323: 
Linux Kernel vulnerability analysis and mitigation

CVE-2025-38323 was discovered in the Linux kernel and disclosed on July 10, 2025. The vulnerability affects the ATM networking subsystem, specifically in the net/atm/lec.c file, where an error path in lecdattach() function could leave a dangling pointer in devlec[] array (NVD CVE).

The vulnerability is a use-after-free bug in the Linux kernel's ATM networking code. The issue occurs in the lecdattach() function within net/atm/lec.c, where a dangling pointer is left in devlec[] array. The bug manifests when calling lane_ioctl and can be triggered through specific error paths in the code. The vulnerability was discovered by the syzkaller fuzzing tool (NVD CVE).

The vulnerability could lead to a use-after-free condition in the kernel, potentially allowing an attacker to execute arbitrary code or cause system crashes. The issue affects multiple Linux distributions including Debian's bullseye, bookworm, and trixie releases (Debian Tracker).

The vulnerability has been fixed in Linux kernel version 6.12.35-1 and later. The fix involves adding a mutex (lecmutex) to protect devlecp[] uses from lecdattach(), lecvccattach(), and lecmcast_attach() functions. The patch also implements this mutex protection for /proc/net/atm/lec operations (Debian Tracker).