cve 2025 40105

CVE-2025-40105 is a Linux kernel vulnerability that Microsoft has publicly attested affects Azure Linux. According to Microsoft's MSRC entry and machine-readable CSAF/VEX attestations, Azure Linux is the only Microsoft product currently confirmed to include the vulnerable upstream kernel code. Microsoft has committed to updating the CVE record if additional Microsoft SKUs are found to ship the same open-source code. The presence of the vulnerable code in other Microsoft artifacts depends on the specific kernel binary and configuration they ship, requiring artifact-level verification. This tag covers discussions about the scope of CVE-2025-40105 within Microsoft products and the process for identifying affected artifacts.