cve 2025 23145

CVE-2025-23145 is a Linux kernel vulnerability involving a NULL-pointer dereference in the Multipath TCP (MPTCP) code that can cause kernel panics and availability outages on systems with MPTCP support. A patch has been released to fix this bug. Microsoft has attested that Azure Linux includes the affected open-source library and is potentially impacted, but other Microsoft-distributed kernel artifacts may also be affected depending on their build configuration. This tag covers discussions about the vulnerability, its impact, and the patch for CVE-2025-23145.