cve 2025 37867

CVE-2025-37867 is a Linux kernel vulnerability in the RDMA stack, addressed by upstream maintainers who silenced an oversized kvmalloc() warning through a no-warn allocation flag. Microsoft's initial MSRC mapping identifies Azure Linux as a product that includes the affected open-source library, making it potentially vulnerable. However, this does not mean Azure Linux is the only Microsoft product that could contain the implicated kernel code; other Microsoft-distributed kernels and images may also carry the same upstream component depending on build choices and configuration. Defenders should treat the vulnerability broadly across relevant systems.