CVE-2025-38705 is a vulnerability in the drm/amd/pm code that affects Azure Linux, as confirmed by Microsoft's MSRC advisory. While Azure Linux is the only Microsoft product explicitly validated as shipping the vulnerable component, the practical impact may extend to other Microsoft kernel builds depending on their inclusion of the open-source code. This tag covers discussions about the scope of affected Microsoft products, the nuances of Microsoft's advisory, and the broader implications for systems using the vulnerable AMD power management driver. Users exploring this tag will find analysis of which Microsoft products are truly at risk and guidance on assessing exposure beyond the official advisory.
-
Headline
Is Azure Linux truly the only Microsoft product that ships the vulnerable drm/amd/pm code (CVE‑2025‑38705)? Short answer, nuance first — no, not necessarily — but the practical impact depends on which Microsoft kernel builds you actually run.
Lead
Microsoft’s MSRC advisory for...