You are using an out of date browser. It may not display this or other websites correctly. You should upgrade or use an alternative browser.
cve 2025 37905
About this tag
CVE-2025-37905 is a Linux kernel vulnerability that has been flagged by Microsoft's MSRC attestation as potentially affecting Azure Linux. However, this attestation does not guarantee that other Microsoft products are free from the vulnerable open-source code. Operators should treat the MSRC guidance as an inventory statement for Azure Linux, not as a blanket exclusion for other Microsoft images, kernels, or artifacts. The vulnerability involves a component in the upstream Linux kernel, and its scope may extend beyond Azure Linux. Users are advised to monitor official advisories and apply patches as they become available.
The short answer is: no — Microsoft’s MSRC attestation naming Azure Linux as “potentially affected” does not prove that Azure Linux is the only Microsoft product that could carry the vulnerable open‑source code. Microsoft’s advisory is an authoritative inventory statement for Azure Linux itself...