cve 2025 38118

CVE-2025-38118 is a use-after-free (UAF) vulnerability in the Linux kernel's Bluetooth management code, specifically in the MGMT removal and completion paths. Microsoft's MSRC advisory confirms that Azure Linux includes the affected open-source library and is potentially impacted. This vulnerability is relevant to Windows users who run Linux workloads via WSL2, Azure Linux, or marketplace images. The discussion on WindowsForum.com clarifies that while Azure Linux is explicitly listed as affected, other Microsoft products may not be automatically free of the same Linux kernel Bluetooth code. Users should assess their exposure based on their use of Linux environments on Windows.