You are using an out of date browser. It may not display this or other websites correctly. You should upgrade or use an alternative browser.
cve 2025 37817
About this tag
CVE-2025-37817 is a kernel double-free vulnerability in the Linux kernel's mcb subsystem, specifically in the chameleon_parse_gdd function. This bug affects Azure Linux, as confirmed by Microsoft, but any product shipping an affected kernel version or an unpatched backport of the same code is potentially at risk. The vulnerability allows for a double-free condition, which could lead to system instability or exploitation. Users and administrators should apply security updates provided by their Linux distribution or Microsoft to mitigate the risk. The tag covers discussions about the vulnerability's impact, affected systems, and remediation steps.
Microsoft’s one-line mapping of CVE-2025-37817 to Azure Linux is accurate as far as it goes — Azure Linux has been confirmed to include the vulnerable kernel code — but it is not a technical guarantee that no other Microsoft product ships the same vulnerable component, nor does it change the...