cve 2025 22026

About this tag
CVE-2025-22026 is a Linux kernel vulnerability in the NFS server code, specifically in the nfsd component where the return code of svc_proc_register is ignored. Microsoft has publicly attested that Azure Linux includes the affected upstream component and is therefore potentially affected. However, this attestation is a product-level inventory statement and does not guarantee that no other Microsoft product contains the vulnerable code. Discussions on WindowsForum.com explore how to vet Microsoft artifacts for this CVE, emphasizing that Microsoft's wording, while precise, may be incomplete. Users are advised to verify the presence of the vulnerable code in their own environments rather than relying solely on Microsoft's attestations.
  1. CVE-2025-22026: Azure Linux attestation and how to vet other Microsoft artifacts

    Microsoft’s wording is precise but incomplete: for CVE‑2025‑22026 the company has publicly attested that Azure Linux includes the affected upstream component and is therefore potentially affected, but that attestation is a product‑level inventory statement — not proof that no other Microsoft...