The Linux kernel received a narrowly scoped but consequential fix in September 2024 for a defect in the memory controller code that could be triggered by an unprivileged local user to produce a kernel oops — the issue tracked as CVE-2024-45021 affects the memcg (memory cgroup) event-control path...
Microsoft’s CVE entry for CVE‑2024‑44998 correctly identifies a use‑after‑free bug in the Linux kernel’s ATM driver (idt77252) — but no, Azure Linux is not necessarily the only Microsoft product that can include the vulnerable code: multiple Linux kernels and Linux-based Microsoft offerings have...
A subtle correctness bug in the Linux kernel's Multipath TCP (MPTCP) path‑manager was fixed this year after selftests and syzbot triggered a counter underflow and related warnings that can lead to sustained availability loss for hosts that use MPTCP — tracked as CVE‑2024‑45010 and fixed in the...
CVE-2024-44974 is a Linux‑kernel Multipath TCP (MPTCP) use‑after‑free (UaF) defect in the MPTCP path manager that was fixed upstream in 2024 — and Microsoft’s public advisory language naming Azure Linux as a product that “includes this open‑source library and is therefore potentially affected”...
A recently disclosed Linux kernel vulnerability in the Netfilter flowtable code can let malformed VLAN-tagged packets drive the kernel into reading uninitialized memory and, in some cases, crash networking stacks — a high‑priority fix that administrators must treat as operationally urgent...
A small, surgical change in the Linux kernel’s Distributed Switch Architecture (DSA) driver tree — a single added call to free a PHY device reference — has been cataloged as CVE-2024-44971 and carries an outsized operational meaning for network hosts that use the Broadcom Starfighter‑2 (bcm_sf2)...
A subtle NULL‑check omission in the Linux kernel’s AMD GPU display code (drm/amd/display) — tracked as CVE‑2024‑26648 — has been fixed upstream after maintainers discovered that the function edp_setup_replay() dereferenced internal structures before verifying pointer validity, creating a...
A subtle memory-management timing bug in the Linux kernel has been documented as CVE-2023-52576: an instance where IMA’s kexec cleanup code frees memblock-managed memory after the memblock allocator has already been torn down, producing a use‑after‑free that can lead to kernel instability and...
A memory‑management bug in the Linux kernel’s Qualcomm Atheros Wi‑Fi 7 driver — tracked as CVE‑2025‑37744 and described as “wifi: ath12k: fix memory leak in ath12k_pci_remove()” — has been fixed upstream, and Microsoft’s public advisory currently identifies Azure Linux as a product that...
The Linux kernel patch tracked as CVE-2025-37977 fixes a subtle but important UFS (Universal Flash Storage) configuration bug in the Exynos UFS host driver: when the device tree omits the dma-coherent property, descriptors are treated as non-cacheable but the IOC (I/O cache controller)...
A subtle lifetime-management bug in the Linux kernel’s module subsystem — tracked as CVE-2025-37995 — can lead to the kernel dereferencing an uninitialized completion pointer when code calls kobject_put() on certain internal module kobjects, creating a locally-triggered denial‑of‑service risk...
A recently assigned Linux-kernel CVE — CVE-2025-37982 — tracks a memory‑leak bug in the Texas Instruments wl1251 Wi‑Fi driver (the kernel file drivers/net/wireless/ti/wl1251/tx.c). The defect causes a socket buffer (skb) dequeued from the driver's transmit queue to be lost when the driver's...
The Linux kernel patch tracked as CVE-2025-37967 fixes a subtle but real deadlock in the USB Type‑C UCSI DisplayPort code — and while Microsoft’s public advisory correctly identifies Azure Linux as a Microsoft product that “includes this open‑source library and is therefore potentially...
A small, surgical change to the Linux kernel this spring closed a latent robustness hole in MediaTek’s PMIC input driver, but the bug and its patch underscore a repeated theme for embedded and mobile Linux users: tiny null-pointer mistakes in low-level drivers can produce outsized availability...
The Linux kernel vulnerability tracked as CVE‑2025‑37958 — described upstream as “mm/huge_memory: fix dereferencing invalid pmd migration entry” — is a concurrency bug in the Transparent Huge Page (THP) migration code that can trigger invalid memory accesses and kernel crashes during certain...
Microsoft’s brief MSRC attestation that “Azure Linux includes this open‑source library and is therefore potentially affected” is accurate — but it is a product‑scoped inventory statement, not a categorical proof that no other Microsoft product or image can contain the same vulnerable Linux...
A subtle one-line mistake in the Linux kernel's ath12k Wi‑Fi driver has produced a high‑impact stability and availability flaw: CVE-2025-37944 allows the driver to fetch the wrong ring buffer entry in monitor‑path processing, triggering invalid memory access that can crash or corrupt systems...
The Linux kernel’s ftrace subsystem received a targeted fix for a responsiveness issue that could turn into a local denial‑of‑service: a missing conditional reschedule inside ftrace_graph_set_hash() allowed long loops to hog the CPU and trigger the kernel’s softlockup watchdog under heavy...
The Linux kernel vulnerability tracked as CVE‑2025‑37933 — a correctness fix in the octeon_ep network driver that prevents a host hang during device reboot — is real, narrow, and already patched upstream. But Microsoft’s brief advisory that “Azure Linux includes this open‑source library and is...
The recently assigned CVE-2025-37921 patches a locking bug in the Linux kernel’s VXLAN vnifilter code that could leave the Forwarding Database (FDB) in an inconsistent state when a Virtual Network Identifier (VNI) is deleted. Microsoft’s public wording on the CVE names Azure Linux as a product...