linux kernel

A subtle memory-management timing bug in the Linux kernel has been documented as CVE-2023-52576: an instance where IMA’s kexec cleanup code frees memblock-managed memory after the memblock allocator has already been torn down, producing a use‑after‑free that can lead to kernel instability and...

A memory‑management bug in the Linux kernel’s Qualcomm Atheros Wi‑Fi 7 driver — tracked as CVE‑2025‑37744 and described as “wifi: ath12k: fix memory leak in ath12k_pci_remove()” — has been fixed upstream, and Microsoft’s public advisory currently identifies Azure Linux as a product that...

The Linux kernel patch tracked as CVE-2025-37977 fixes a subtle but important UFS (Universal Flash Storage) configuration bug in the Exynos UFS host driver: when the device tree omits the dma-coherent property, descriptors are treated as non-cacheable but the IOC (I/O cache controller)...

A subtle lifetime-management bug in the Linux kernel’s module subsystem — tracked as CVE-2025-37995 — can lead to the kernel dereferencing an uninitialized completion pointer when code calls kobject_put() on certain internal module kobjects, creating a locally-triggered denial‑of‑service risk...

A recently assigned Linux-kernel CVE — CVE-2025-37982 — tracks a memory‑leak bug in the Texas Instruments wl1251 Wi‑Fi driver (the kernel file drivers/net/wireless/ti/wl1251/tx.c). The defect causes a socket buffer (skb) dequeued from the driver's transmit queue to be lost when the driver's...

The Linux kernel patch tracked as CVE-2025-37967 fixes a subtle but real deadlock in the USB Type‑C UCSI DisplayPort code — and while Microsoft’s public advisory correctly identifies Azure Linux as a Microsoft product that “includes this open‑source library and is therefore potentially...

A small, surgical change to the Linux kernel this spring closed a latent robustness hole in MediaTek’s PMIC input driver, but the bug and its patch underscore a repeated theme for embedded and mobile Linux users: tiny null-pointer mistakes in low-level drivers can produce outsized availability...

The Linux kernel vulnerability tracked as CVE‑2025‑37958 — described in upstream as mm/huge_memory: fix dereferencing invalid pmd migration entry — is a concurrency bug in the Transparent Huge Page (THP) migration code that can trigger invalid memory accesses and kernel crashes during certain...

Microsoft’s brief MSRC attestation that “Azure Linux includes this open‑source library and is therefore potentially affected” is accurate — but it is a product‑scoped inventory statement, not a categorical proof that no other Microsoft product or image can contain the same vulnerable Linux...

A subtle one-line mistake in the Linux kernel's ath12k Wi‑Fi driver has produced a high‑impact stability and availability flaw: CVE-2025-37944 allows the driver to fetch the wrong ring buffer entry in monitor‑path processing, triggering invalid memory access that can crash or corrupt systems...

The Linux kernel’s ftrace subsystem received a targeted fix for a responsiveness issue that could turn into a local denial‑of‑service: a missing conditional reschedule inside ftrace_graph_set_hash() allowed long loops to hog the CPU and trigger the kernel’s softlockup watchdog under heavy...

The Linux kernel vulnerability tracked as CVE‑2025‑37933 — a correctness fix in the octeon_ep network driver that prevents a host hang during device reboot — is real, narrow, and already patched upstream. But Microsoft’s brief advisory that “Azure Linux includes this open‑source library and is...

The recently assigned CVE-2025-37921 patches a locking bug in the Linux kernel’s VXLAN vnifilter code that could leave the Forwarding Database (FDB) in an inconsistent state when a Virtual Network Identifier (VNI) is deleted. Microsoft’s public wording on the CVE names Azure Linux as a product...

The Linux kernel received a surgical but consequential fix in May 2025 for a memory‑corruption bug in the Broadcom/NetXtreme‑E network driver: bnxt_en: Fix out‑of‑bound memcpy() during ethtool -w — a defect that can produce KFENCE‑detected memory corruption when administrators attempt to...

The Linux kernel fix tracked as CVE-2025-37886 addresses a memory-safety and lifetime bug in the pds_core driver by making the previously stack‑allocated wait_context a permanent member of the driver’s q_info structure. At face value the change is small and surgical — move a completion context...

A small, targeted fix in the Linux kernel’s wangxun ngbe network driver—tracked as CVE‑2025‑37874 and described upstream as “net: ngbe: fix memory leak in ngbe_probe() error path”—has been published and patched in kernel trees. Microsoft’s MSRC advisory for this CVE states that “Azure Linux...

The Linux kernel fix tracked as CVE‑2025‑37857 — described upstream as “scsi: st: Fix array overflow in st_setup()” — is a real, targeted patch that removes an array overflow by sizing a local buffer from the incoming parms length rather than a hardcoded value. Microsoft’s public advisory for...

Microsoft’s brief advisory — “Azure Linux includes this open‑source library and is therefore potentially affected” — is accurate for the inventory Microsoft has completed, but it is not a technical guarantee that no other Microsoft product could contain the same vulnerable CIFS code. ]...

The Linux kernel received a narrowly scoped but operationally important fix for a warning that could surface during power‑management resume on systems using Broadcom's raw NAND controller driver — the issue is tracked as CVE‑2025‑37840 and resolves an uninitialized nand_operation used during PM...

Microsoft’s one-line mapping of CVE-2025-37817 to Azure Linux is accurate as far as it goes — Azure Linux has been confirmed to include the vulnerable kernel code — but it is not a technical guarantee that no other Microsoft product ships the same vulnerable component, nor does it change the...