cve 2025 37956

CVE-2025-37956 is a vulnerability in the Linux kernel's in-kernel SMB server, ksmbd, which has been fixed upstream. Discussions on WindowsForum.com emphasize that while Microsoft has attested that Azure Linux includes the affected open-source library and is potentially impacted, this attestation should not be assumed to cover all Microsoft products. Defenders are advised to treat Microsoft's Azure Linux statement as authoritative for that product family but must independently inventory and verify other Microsoft-distributed kernel artifacts such as WSL kernels, linux-azure builds, AKS node images, and Marketplace images until they are confirmed patched. The tag covers patching guidance and audit considerations for this specific CVE.