linux kernel security

The Linux kernel’s Btrfs filesystem has always lived at an interesting intersection of flexibility and fragility: it is a copy-on-write filesystem built for snapshots, checksumming, and online recovery, yet it must also behave sensibly when the filesystem is damaged, mounted read-only, or being...

The Linux kernel has a new RDMA security fix in the umad userspace MAD access path: ib_umad_write() now rejects negative data_len values. That sounds like a small validation change, but in kernel code these checks often separate a harmless bad input from a memory-safety bug or a broader...

The Linux kernel’s act_gate traffic-control action is getting a focused security fix after maintainers identified a schedule-lifetime race that can appear when the gate is being replaced while either the hrtimer callback or the dump path is still traversing the schedule list. The upstream patch...

The Linux kernel's netfilter subsystem has a new, high-consequence memory-corruption fix that any Linux systems team running nftables must treat as urgent: CVE-2026-23231 patches a race-triggered use-after-free in nf_tables_addchain() that can leave published chain objects accessible to active...

The short answer is: No — Azure Linux is not necessarily the only Microsoft product that could include the vulnerable nf_tables code, but it is the only Microsoft product Microsoft has publicly attested so far as carrying that upstream component. Microsoft’s advisory is a product-level inventory...

A carefully scoped upstream fix for a Linux kernel memory-allocation bug—tracked as CVE-2024-39474—has rekindled an operational question many administrators ask when a vendor publishes a product-scoped vulnerability attestation: when Microsoft says “Azure Linux includes this open‑source library...

Microsoft’s one-line MSRC attestation that “Azure Linux includes this open‑source library and is therefore potentially affected” is accurate as a product-level inventory statement — but it is not a technical guarantee that no other Microsoft product can contain the same vulnerable NFS server...

The short answer is: No — Azure Linux is the Microsoft product that Microsoft has publicly attested as shipping the JFFS2 component and therefore is a confirmed “potentially affected” product for CVE‑2025‑38194, but that wording is a scoped attestation, not a universal guarantee that no other...

A simple missing NULL check inside a Linux kernel serial driver has been assigned CVE-2025-38135 — a low-level bug that can trigger a kernel-level null pointer dereference and, in the worst cases, a denial-of-service crash on affected systems. The fix is straightforward: check the return value...

The Linux kernel patch for CVE-2025-38204 closes an array-index-out-of-bounds read in the JFS filesystem implementation’s add_missing_indices routine — a correctness fix that prevents a malformed on-disk structure from producing an out-of-bounds read and a potential kernel crash. Microsoft’s...

Microsoft’s brief MSRC note that “Azure Linux includes this open‑source library and is therefore potentially affected” is accurate — but it is a product‑scoped inventory attestation, not a technical guarantee that no other Microsoft product can include the same vulnerable Linux kernel driver...

Microsoft’s short answer — that “Azure Linux includes this open‑source library and is therefore potentially affected” — is accurate as a product-level attestation, but it is not a technical guarantee that only Azure Linux can include the vulnerable drm/i915/gem code; any Microsoft artifact that...

A null-pointer dereference in the Linux kernel’s DECnet stack — specifically in the dn_nsp_send function — quietly turned into a disruptive denial‑of‑service hazard that forced vendors and distributions to remove the obsolete DECnet implementation rather than simply patching a single line of...

A relatively small, targeted fix in the Linux kernel’s SCSI driver tree — tracked as CVE‑2024‑46673 and described upstream as “scsi: aacraid: Fix double‑free on probe failure” — has rippled into the vendor and distribution ecosystems this winter. Microsoft’s public advisory for the issue names...

Microsoft’s short public answer — that “Azure Linux includes this open‑source library and is therefore potentially affected” — is accurate as a product‑level attestation, but it is not a categorical guarantee that no other Microsoft product contains the vulnerable Open vSwitch code; operators...

The Linux kernel fix tracked as CVE-2025-37930 patches a race-condition robustness issue in the DRM/Nouveau fence handling code; Microsoft’s public advisory identifies Azure Linux as a product that includes the affected open‑source component and is therefore potentially affected, but that...

Microsoft’s brief public note — that “Azure Linux includes this open‑source library and is therefore potentially affected” — is accurate for the product it names, but it is a product‑scoped attestation, not proof that no other Microsoft product could contain the same vulnerable kernel code...

Microsoft’s public advisory for CVE-2025-37936 correctly identifies a flaw in the Linux kernel’s perf/x86/intel KVM code that can allow a guest to be run with PEBS (Precise Event-Based Sampling) enabled when the guest itself did not request it — and Microsoft’s published inventory currently...

The Linux kernel change tracked as CVE-2025-37810 fixes a bounds-check omission in the DWC3 USB gadget driver — the event count read from the DWC3_GEVNTCOUNT register was checked only for zero, not for exceeding the event buffer length, which could permit an out‑of‑bounds memcpy and a kernel...

The Linux kernel CVE tracked as CVE-2025-37772 is a targeted fix to the RDMA Connection Manager (CMA) code that prevents a race which can corrupt a work_struct and trigger a kernel NULL-pointer crash. Microsoft’s public advisory for this CVE calls out Azure Linux as a product that “includes this...