cve 2025 22126

CVE-2025-22126 is a critical use-after-free vulnerability in the Linux kernel's MD (Multiple Devices) subsystem, caused by a race condition during iteration of the global list of md devices. The flaw was fixed upstream after researchers identified the bug in shutdown and cleanup code paths. Microsoft's advisory confirms that Azure Linux carries the affected upstream code, but this attestation does not independently prove or disprove exposure in other Microsoft-delivered artifacts. The tag covers discussion of the vulnerability, the upstream fix, and the implications for Azure Linux and related systems.