You are using an out of date browser. It may not display this or other websites correctly. You should upgrade or use an alternative browser.
cve 2025 40096
About this tag
CVE-2025-40096 is a Linux-kernel vulnerability in the DRM scheduler (drm/sched) that can cause a double free when dependency handling fails. Microsoft's Security Response Center (MSRC) has issued an attestation stating that Azure Linux includes the affected open-source component and is potentially vulnerable. However, this attestation does not guarantee that other Microsoft products—such as WSL, linux-azure kernels, or Marketplace images—are unaffected. Artifact-level verification is needed to determine exposure across these products. The tag covers discussions about the CVE's impact on Azure Linux and the broader Microsoft ecosystem.
A recently assigned Linux-kernel CVE — CVE-2025-40096 — discloses a memory-management defect in the kernel DRM scheduler (drm/sched) that can produce a double free when dependency handling fails, and Microsoft’s Security Response Center (MSRC) has published a product-level attestation stating...