Msrc Azl3 Kernel 6.6.85.1-2 On Azure Linux 3.0 vulnerabilities

CVE-2025-21999 [HIGH] proc: fix UAF in proc_get_inode() proc: fix UAF in proc_get_inode() FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to tra

CVE-2025-22004 [HIGH] CWE-416 net: atm: fix use after free in lec_send() net: atm: fix use after free in lec_send() FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Mic

CVE-2025-21934 [HIGH] CWE-416 rapidio: fix an API misues when rio_add_net() fails rapidio: fix an API misues when rio_add_net() fails FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distr

CVE-2025-21920 [HIGH] CWE-125 vlan: enforce underlying device type vlan: enforce underlying device type FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is co

CVE-2025-21923 [HIGH] CWE-416 HID: hid-steam: Fix use-after-free when detaching device HID: hid-steam: Fix use-after-free when detaching device FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which

CVE-2025-21993 [HIGH] CWE-125 iscsi_ibft: Fix UBSAN shift-out-of-bounds warning in ibft_attr_show_nic() iscsi_ibft: Fix UBSAN shift-out-of-bounds warning in ibft_attr_show_nic() FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of th

CVE-2025-21991 [HIGH] CWE-129 x86/microcode/AMD: Fix out-of-bounds on systems with CPU-less NUMA nodes x86/microcode/AMD: Fix out-of-bounds on systems with CPU-less NUMA nodes FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the

CVE-2025-21919 [HIGH] CWE-787 sched/fair: Fix potential memory corruption in child_cfs_rq_on_list sched/fair: Fix potential memory corruption in child_cfs_rq_on_list FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open sourc

CVE-2025-21980 [MEDIUM] CWE-476 sched: address a potential NULL pointer dereference in the GRED scheduler. sched: address a potential NULL pointer dereference in the GRED scheduler. FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions o

CVE-2025-21951 [MEDIUM] CWE-667 bus: mhi: host: pci_generic: Use pci_try_reset_function() to avoid deadlock bus: mhi: host: pci_generic: Use pci_try_reset_function() to avoid deadlock FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions

CVE-2025-21922 [MEDIUM] ppp: Fix KMSAN uninit-value warning with bpf ppp: Fix KMSAN uninit-value warning with bpf FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Micro

CVE-2025-21918 [MEDIUM] CWE-476 usb: typec: ucsi: Fix NULL pointer access usb: typec: ucsi: Fix NULL pointer access FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Mic

CVE-2025-22001 [MEDIUM] accel/qaic: Fix integer overflow in qaic_validate_req() accel/qaic: Fix integer overflow in qaic_validate_req() FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the dis

CVE-2025-21917 [MEDIUM] CWE-476 usb: renesas_usbhs: Flush the notify_hotplug_work usb: renesas_usbhs: Flush the notify_hotplug_work FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro

CVE-2025-22007 [MEDIUM] CWE-476 Bluetooth: Fix error code in chan_alloc_skb_cb() Bluetooth: Fix error code in chan_alloc_skb_cb() FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is

CVE-2025-22010 [MEDIUM] CWE-667 RDMA/hns: Fix soft lockup during bt pages loop RDMA/hns: Fix soft lockup during bt pages loop FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is com

CVE-2025-21957 [MEDIUM] CWE-476 scsi: qla1280: Fix kernel oops when debug level > 2 scsi: qla1280: Fix kernel oops when debug level > 2 FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the dis

CVE-2025-21937 [MEDIUM] Bluetooth: Add check for mgmt_alloc_skb() in mgmt_remote_name() Bluetooth: Add check for mgmt_alloc_skb() in mgmt_remote_name() FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries wi

CVE-2025-21948 [MEDIUM] CWE-476 HID: appleir: Fix potential NULL dereference at raw event handle HID: appleir: Fix potential NULL dereference at raw event handle FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source li

CVE-2025-21996 [MEDIUM] CWE-908 drm/radeon: fix uninitialized size issue in radeon_vce_cs_parse() drm/radeon: fix uninitialized size issue in radeon_vce_cs_parse() FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source