Msrc Azl3 Kernel 6.6.104.2-4 On Azure Linux 3.0 vulnerabilities

CVE-2025-40107 [MEDIUM] can: hi311x: fix null pointer dereference when resuming from sleep before interface was enabled can: hi311x: fix null pointer dereference when resuming from sleep before interface was enabled FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most

CVE-2025-40109 [MEDIUM] crypto: rng - Ensure set_ent is always present crypto: rng - Ensure set_ent is always present Mariner: Mariner Linux: Linux Customer Action Required: Yes Remediation: CBL-Mariner Releases Reference: https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade

CVE-2025-39968 [CRITICAL] i40e: add max boundary check for VF filters i40e: add max boundary check for VF filters FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Micro

CVE-2025-39973 [CRITICAL] i40e: add validation for ring_len param i40e: add validation for ring_len param FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is

CVE-2025-39970 [CRITICAL] i40e: fix input validation logic for action_meta i40e: fix input validation logic for action_meta FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is compo

CVE-2025-39985 [CRITICAL] can: mcba_usb: populate ndo_change_mtu() to prevent buffer overflow can: mcba_usb: populate ndo_change_mtu() to prevent buffer overflow FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source li

CVE-2025-39972 [CRITICAL] i40e: fix idx validation in i40e_validate_queue_map i40e: fix idx validation in i40e_validate_queue_map FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is

CVE-2025-39967 [HIGH] fbcon: fix integer overflow in fbcon_do_set_font fbcon: fix integer overflow in fbcon_do_set_font FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed.

CVE-2025-39994 [CRITICAL] media: tuner: xc5000: Fix use-after-free in xc5000_release media: tuner: xc5000: Fix use-after-free in xc5000_release FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which

CVE-2025-39898 [CRITICAL] e1000e: fix heap overflow in e1000_set_eeprom e1000e: fix heap overflow in e1000_set_eeprom FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. M

CVE-2025-39971 [CRITICAL] i40e: fix idx validation in config queues msg i40e: fix idx validation in config queues msg FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. M

CVE-2025-40096 [HIGH] drm/sched: Fix potential double free in drm_sched_job_add_resv_dependencies drm/sched: Fix potential double free in drm_sched_job_add_resv_dependencies FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the op

CVE-2025-39980 [HIGH] nexthop: Forbid FDB status change while nexthop is in a group nexthop: Forbid FDB status change while nexthop is in a group FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with whi

CVE-2025-40052 [HIGH] smb: client: fix crypto buffers in non-linear memory smb: client: fix crypto buffers in non-linear memory FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is c

CVE-2025-40018 [HIGH] ipvs: Defer ip_vs_ftp unregister during netns cleanup ipvs: Defer ip_vs_ftp unregister during netns cleanup FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is

CVE-2025-39977 [HIGH] futex: Prevent use-after-free during requeue-PI futex: Prevent use-after-free during requeue-PI FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. M

CVE-2025-40003 [HIGH] net: mscc: ocelot: Fix use-after-free caused by cyclic delayed work net: mscc: ocelot: Fix use-after-free caused by cyclic delayed work FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source librar

CVE-2025-40035 [HIGH] Input: uinput - zero-initialize uinput_ff_upload_compat to avoid info leak Input: uinput - zero-initialize uinput_ff_upload_compat to avoid info leak FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open

CVE-2025-39905 [HIGH] net: phylink: add lock for serializing concurrent pl->phydev writes with resolver net: phylink: add lock for serializing concurrent pl->phydev writes with resolver FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versio

CVE-2025-40044 [HIGH] fs: udf: fix OOB read in lengthAllocDescs handling fs: udf: fix OOB read in lengthAllocDescs handling FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is compo