kernel security

Microsoft’s short, specific attestation — that Azure Linux includes the open‑source library tied to CVE‑2025‑38722 — is accurate for the product inventory Microsoft has completed so far, but it is not a technical guarantee that no other Microsoft product could include the same vulnerable code...

Microsoft’s advisory naming Azure Linux as an explicitly tracked distribution for CVE-2025-39859 correctly focuses customer attention, but it does not mean Azure Linux is the only Microsoft product that could include the vulnerable open‑source component — any Microsoft kernel artifact or image...

Microsoft’s advisory that “Azure Linux includes this open‑source library and is therefore potentially affected” is a product‑scope attestation — it is an authoritative statement for Azure Linux only at the time of publication, not a categorical guarantee that no other Microsoft product ships the...

A small, defensive code fix in the AMDGPU DRM driver closed a kernel NULL‑dereference that could be trivially triggered in some environments, producing a denial‑of‑service; the vulnerability is tracked as CVE‑2024‑26672 and instructs operators to update kernels or apply vendor patches...

The Linux kernel patch addressing CVE-2023-53209 fixes a simple but consequential logic error in the mac80211 hardware‑simulation driver (mac80211_hwsim): the code could call mac80211_hwsim_select_tx_link and dereference a station pointer (sta) without verifying it was non‑NULL, creating a...

The Linux kernel patch addressing CVE-2023-53231 changes a small piece of EROFS (the Enhanced Read‑Only File System) code—yet it fixes a subtle correctness bug that, in the worst case, can lead to kernel instability and availability loss when decompression work is performed in the wrong context...

The Linux kernel security record for CVE-2022-50303 closes a small but consequential race-and-error path in the AMD GPU stack: a double release of a compute PASID (process address space identifier) in the drm/amdkfd code that can produce deterministic kernel oopses and sustained...

A short, targeted kernel fix landed this week that closes a subtle but real correctness bug in the SCSI generic driver (sg): the function responsible for finishing a removed request, sg_finish_rem_req, was calling blk_rq_unmap_user while interrupts were disabled — and blk_rq_unmap_user can...

A rare but real race in the GFS2 cluster filesystem has been closed: CVE-2025-40242 addresses an unlikely timing window in gdlm_put_lock where the unmount sequence could free a glock while DLM callbacks still had a live path to it, producing a use-after-free that can crash or corrupt a kernel...

Microsoft’s initial advisory for CVE-2025-39829 makes a narrow, but important, claim: Azure Linux is the Microsoft product Microsoft has identified so far as including the affected open‑source component (the kernel trace fgraph notifier code), and Microsoft will update its CVE/VEX attestations...

The Linux kernel Global File System 2 (GFS2) just earned a new CVE — CVE‑2025‑38659 — for a defect described upstream as “No more self recovery,” and Microsoft’s initial public position names the Azure Linux distro as a confirmed shipper of the affected code while stating it will update the...

The Linux kernel vulnerability CVE-2025-38626 — a correctness fix in the F2FS (Flash‑Friendly File System) driver that ensures foreground garbage collection is triggered earlier when mounted with mode=lfs — has triggered questions about which Microsoft products, if any, carry the vulnerable...

Microsoft’s Windows ecosystem has another reminder: if your system’s Core isolation — specifically the Memory integrity (HVCI) setting is turned off, you are meaningfully increasing your exposure to kernel‑level and driver attacks; consumers and IT teams are being urged to enable it where...

Microsoft’s latest push to “raise the bar” for Windows drivers is one of the clearest, most consequential platform moves in years — it changes not just how drivers are certified and signed, but how much driver code Microsoft expects to live in the kernel at all, and it creates new technical...

Microsoft has confirmed a denial‑of‑service flaw in the Storvsp.sys storage Virtualization Service Provider (VSP) driver — tracked as CVE‑2025‑60708 — that allows a locally authorized attacker to trigger a kernel‑mode crash by exploiting an untrusted pointer dereference in the driver, and...

EDR-Redir V2 is the latest proof‑of‑concept tool to exploit Windows’ new bind link facility and the cloud filter stack to create parent‑level filesystem redirections that can blind Endpoint Detection and Response (EDR) products — including a demonstrated bypass of Windows Defender on Windows 11...

The Linux kernel recently received a small but important patch labelled under CVE‑2025‑40051 that tightens how the vhost/vringh code checks return values from copy_from_iter and copy_to_iter; the fix changes the test from “is the result negative” to “did we copy exactly the number of bytes...

A small, surgical fix in the Linux kernel’s CoreSight TRBE driver has been assigned CVE‑2025‑40060 after maintainers corrected an error‑handling mismatch that could otherwise produce a kernel panic on affected systems. Background / Overview The vulnerability lives in the Linux kernel CoreSight...

The Linux kernel patch addressing CVE-2025-40040 fixes a subtle but consequential flag-dropping bug in the KSM madvise path: under specific 64-bit builds a bitwise operation in ksm_madvise could inadvertently clear the upper 32 bits of a VMA’s vm_flags, removing userfaultfd (UFFD) flags and...

A small change in the OCFS2 kernel code — setting a freed pointer to NULL — resolved a formally assigned CVE but highlights a perennial class of Linux kernel risks: double‑free memory corruption that can destabilize hosts, complicate multi‑tenant environments, and, in some cases, provide a local...