cve 2025 38457
About this tag
CVE-2025-38457 is a Linux kernel vulnerability in the networking scheduler (net/sched) that was fixed upstream in mid-2025. The bug arises when a qdisc init or change path unconditionally triggers a certain condition. Microsoft has stated that Azure Linux includes the affected open-source library and is therefore potentially impacted. However, this does not prove that no other Microsoft product or image contains the same vulnerable kernel code. Discussions on WindowsForum.com cover the attestation and inventory of this CVE within Azure Linux environments, emphasizing the need for thorough verification beyond Microsoft's initial response. Users are advised to apply the upstream fix and monitor for updates across all Linux-based systems.
Microsoft’s short public answer — that “Azure Linux includes this open‑source library and is therefore potentially affected” — is accurate for the Azure Linux product family, but it is not a technical proof that no other Microsoft product or image could contain the same vulnerable kernel code...