CVE-2025-21888 is a vulnerability in the Linux kernel's RDMA/mlx5 component, specifically in the handling of device-memory (DM) memory region deregistration. Microsoft's guidance identifies Azure Linux as the Microsoft product known to include the affected open-source component. Discussions on WindowsForum clarify that while Azure Linux is explicitly named, the vulnerability resides in an upstream kernel module that could affect other distributions. The tag covers technical analysis of the flaw, its impact on Azure Linux, and broader implications for Linux systems using the mlx5 driver.
-
Microsoft’s public guidance on CVE-2025-21888 names the Linux kernel’s RDMA/mlx5 component — specifically the branch that handles deregistration of device-memory (DM) memory regions — as the locus of the issue, and states that the Azure Linux distribution is the Microsoft product known to...