cve 2025 37770

About this tag
CVE-2025-37770 is a medium-severity Linux kernel vulnerability in the AMD DRM power-management code (drm/amd/pm path), caused by missing input validation. Microsoft's Azure Linux includes the affected open-source library and is therefore potentially impacted, but the company's product-scoped attestation does not rule out other Microsoft products containing the same vulnerable kernel code. Discussions on WindowsForum.com examine the scope of Microsoft's disclosure, the technical details of the vulnerability, and the implications for enterprise users running Azure Linux or other Microsoft offerings that may incorporate the affected Linux kernel components.
  1. Azure Linux Attestation and CVE-2025-37770: What Microsoft Verified

    Microsoft’s brief public note — that “Azure Linux includes this open‑source library and is therefore potentially affected” — is accurate for the product it names, but it is a product‑scoped attestation, not proof that no other Microsoft product could contain the same vulnerable kernel code...