You are using an out of date browser. It may not display this or other websites correctly. You should upgrade or use an alternative browser.
cve 2025 38460
About this tag
CVE-2025-38460 is a null-pointer dereference vulnerability in the Linux kernel's ATM CLIP code. The flaw has been fixed upstream, and Microsoft has confirmed that Azure Linux is an attested product that includes the affected open-source library. However, exposure depends on whether other Microsoft products ship a Linux kernel built from a vulnerable tree with ATM/CLIP enabled and older than the upstream fixes. This tag covers discussions about the vulnerability's impact on Microsoft products, particularly Azure Linux, and the conditions under which other systems may be affected.
A short, unchecked null-pointer dereference in the Linux kernel’s ATM CLIP code — tracked as CVE‑2025‑38460 — has been assigned and fixed upstream, and Microsoft’s public guidance confirms Azure Linux as a confirmed attested product that includes the affected open‑source library; however, Azure...