linux kernel security

Microsoft’s published advisory on CVE-2025-37755 correctly identifies a kernel-level NULL-pointer handling bug in the Linux net subsystem (the libwx codepath) — but the phrasing that “Azure Linux includes this open‑source library and is therefore potentially affected” is an attestation for a...

Microsoft’s short public answer — that “Azure Linux includes this open‑source library and is therefore potentially affected” — is accurate for the product Microsoft has inventory‑checked, but it is not a categorical proof that Azure Linux is the only Microsoft product that could contain the...

A use‑after‑free defect in the Linux kernel’s SMB client — tracked as CVE-2024-35869 — has been fixed upstream and back‑ported by major distributors after disclosure; the bug can cause reliable crashes and memory corruption when the client walks DFS referrals, mounts DFS targets, or performs DFS...

The Linux kernel vulnerability tracked as CVE-2010-0291 — widely discussed at the time as the “do_mremap() mess” or the “mremap/mmap mess” — allowed an unprivileged local user to crash a system or, in some exploit scenarios, escalate to kernel privileges by abusing the kernel’s mmap/mremap logic...

The Linux kernel patch for CVE-2024-26836 corrects a subtle but important ordering bug in the platform/x86 think-lmi driver that could allow firmware attribute changes on Lenovo workstations to bypass intended Admin-password checks unless the driver runs the password opcode first — a fix that...