You are using an out of date browser. It may not display this or other websites correctly. You should upgrade or use an alternative browser.
cve 2025 38251
About this tag
CVE-2025-38251 is a Linux kernel vulnerability in the ATM subsystem (net/atm/clip.c) where clip_push can dereference a NULL skb when clip_devs is NULL, leading to a kernel crash. Microsoft's advisory states that Azure Linux includes the affected open-source library and is potentially impacted, but this is a product-scoped attestation and does not guarantee that other Microsoft products are unaffected. The vulnerability is specific to the Linux kernel and does not affect Windows or other Microsoft operating systems. Discussions on WindowsForum.com focus on understanding the scope of the CVE, the accuracy of Microsoft's advisory, and the technical details of the kernel defect.
Microsoft’s short advisory that “Azure Linux includes this open‑source library and is therefore potentially affected” is accurate for the Azure Linux product family, but it is a product‑scoped attestation — not a categorical guarantee that no other Microsoft product can include the same...