Msrc Azl3 Kernel 6.6.92.2-1 On Azure Linux 3.0 vulnerabilities

CVE-2025-38082 [HIGH] gpio: virtuser: fix potential out-of-bound write gpio: virtuser: fix potential out-of-bound write FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed.

CVE-2025-38074 [MEDIUM] vhost-scsi: protect vq->log_used with vq->mutex vhost-scsi: protect vq->log_used with vq->mutex FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed.

CVE-2025-38036 [MEDIUM] drm/xe/vf: Perform early GT MMIO initialization to read GMDID drm/xe/vf: Perform early GT MMIO initialization to read GMDID FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with w

CVE-2025-38070 [MEDIUM] CWE-476 ASoC: sma1307: Add NULL check in sma1307_setting_loaded() ASoC: sma1307: Add NULL check in sma1307_setting_loaded() FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with w

CVE-2025-38088 [HIGH] powerpc/powernv/memtrace: Fix out of bounds issue in memtrace mmap powerpc/powernv/memtrace: Fix out of bounds issue in memtrace mmap FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source librarie

CVE-2025-37947 [HIGH] ksmbd: prevent out-of-bounds stream writes by validating *pos ksmbd: prevent out-of-bounds stream writes by validating *pos FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with whi

CVE-2025-37921 [HIGH] vxlan: vnifilter: Fix unlocked deletion of default FDB entry vxlan: vnifilter: Fix unlocked deletion of default FDB entry FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which

CVE-2025-37914 [HIGH] net_sched: ets: Fix double list add in class with netem as child qdisc net_sched: ets: Fix double list add in class with netem as child qdisc FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source

CVE-2025-37960 [MEDIUM] memblock: Accept allocated memory before use in memblock_double_array() memblock: Accept allocated memory before use in memblock_double_array() FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open sou

CVE-2025-37738 [HIGH] ext4: ignore xattrs past end ext4: ignore xattrs past end FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency

CVE-2025-37849 [HIGH] CWE-416 KVM: arm64: Tear down vGIC on failed vCPU creation KVM: arm64: Tear down vGIC on failed vCPU creation FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro

CVE-2025-37797 [HIGH] net_sched: hfsc: Fix a UAF vulnerability in class handling net_sched: hfsc: Fix a UAF vulnerability in class handling FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the

CVE-2025-37840 [HIGH] mtd: rawnand: brcmnand: fix PM resume warning mtd: rawnand: brcmnand: fix PM resume warning FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Micro

CVE-2025-37892 [HIGH] mtd: inftlcore: Add error check for inftl_read_oob() mtd: inftlcore: Add error check for inftl_read_oob() FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is c

CVE-2025-37798 [HIGH] codel: remove sch->q.qlen check before qdisc_tree_reduce_backlog() codel: remove sch->q.qlen check before qdisc_tree_reduce_backlog() FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source librarie

CVE-2025-37997 [MEDIUM] netfilter: ipset: fix region locking in hash types netfilter: ipset: fix region locking in hash types FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is com

CVE-2025-37968 [MEDIUM] iio: light: opt3001: fix deadlock due to concurrent flag access iio: light: opt3001: fix deadlock due to concurrent flag access FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries wi

CVE-2025-37897 [MEDIUM] wifi: plfxlc: Remove erroneous assert in plfxlc_mac_release wifi: plfxlc: Remove erroneous assert in plfxlc_mac_release FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which

CVE-2025-37803 [HIGH] CWE-120 udmabuf: fix a buf size overflow issue during udmabuf creation udmabuf: fix a buf size overflow issue during udmabuf creation FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source librarie

CVE-2025-37916 [HIGH] CWE-416 pds_core: remove write-after-free of client_id pds_core: remove write-after-free of client_id FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is compo