You are using an out of date browser. It may not display this or other websites correctly. You should upgrade or use an alternative browser.
cve 2025 38239
About this tag
CVE-2025-38239 is a Linux kernel vulnerability affecting the SCSI megaraid_sas driver, where an invalid node index can cause an out-of-bounds access when DRAM interleaving is enabled, leading to UBSAN errors. Microsoft has confirmed that Azure Linux includes the affected open-source library and is potentially impacted. However, this attestation does not guarantee that other Microsoft products are free from the vulnerable code. Operators should treat Azure Linux as a confirmed carrier and perform artifact-level verification across other Microsoft-distributed kernels and images to ensure comprehensive patch coverage.
Microsoft’s short answer — that “Azure Linux includes this open‑source library and is therefore potentially affected” — is an authoritative, product‑level attestation, but it is not a technical guarantee that no other Microsoft product could contain the same vulnerable Linux kernel code...