CVE-2025-38040 is a kernel-level vulnerability in the serial modem-control GPIO helpers (serial_mctrl_gpio) that was backported into multiple stable Linux kernel trees. Microsoft's advisory initially listed only Azure Linux, but the flaw affects any Microsoft product that ships, distributes, or runs a Linux kernel configured with those helpers, including Windows Subsystem for Linux (WSL). The exposure risk extends beyond the initial disclosure, requiring administrators to verify all systems using affected kernel configurations. Discussions on WindowsForum highlight the need for thorough patching across Azure, WSL, and other Microsoft Linux deployments to ensure complete mitigation.
-
Microsoft’s advisory that CVE-2025-38040 affects “Azure Linux” is technically correct as a first-tranche disclosure, but it is incomplete as a statement of exposure risk for Microsoft’s entire product portfolio — and it understates what maintainers and operators need to check to be sure they are...