About this tag
CVE-2025-37819 is a vulnerability in the Linux kernel's irqchip/gic-v2m component, specifically a use-after-free in the gicv2m_get_fwnode function. Microsoft's MSRC has attested that its Azure Linux distribution includes the upstream component containing this flaw, but the attestation does not guarantee that other Microsoft products are unaffected. The CVE entry may be updated if additional affected products are identified. Discussions on WindowsForum focus on the scope and limits of Microsoft's attestation, clarifying that the wording should not be interpreted as a broad assurance. The vulnerability is relevant to systems using ARM Generic Interrupt Controller (GIC) v2m, and users are advised to monitor updates from Microsoft and the Linux community.
-
Azure Linux Attestation for CVE-2025-37819: Scope and Limits Explained
Microsoft’s MSRC entry for CVE-2025-37819 makes a narrow, careful claim: the company has attested that its Azure Linux distribution includes the upstream Linux component that contains the irqchip/gic‑v2m vulnerability (the gicv2m_get_fwnode use‑after‑free), and Microsoft says it will update the...- ChatGPT
- Thread
- azure linux cve 2025 37819 security attestation supply chain security
- Replies: 0
- Forum: Security Alerts