AZL-62583

See a problem?

Import Source

https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-62583.json

JSON Data

https://api.test.osv.dev/v1/vulns/AZL-62583

Upstream

CVE-2025-22106

Published

2025-04-16T15:16:04Z

Modified

2026-04-01T05:20:05.884419Z

Summary

CVE-2025-22106 affecting package kernel for versions less than 6.6.112.1-1

Details

In the Linux kernel, the following vulnerability has been resolved:

vmxnet3: unregister xdp rxq info in the reset path

vmxnet3 does not unregister xdp rxq info in the vmxnet3resetwork() code path as vmxnet3rqdestroy() is not invoked in this code path. So, we get below message with a backtrace.

Missing unregister, handled but fix driver WARNING: CPU:48 PID: 500 at net/core/xdp.c:182 _xdprxqinforeg+0x93/0xf0

This patch fixes the problem by moving the unregister code of XDP from vmxnet3rqdestroy() to vmxnet3rqcleanup().

References

https://nvd.nist.gov/vuln/detail/CVE-2025-22106

Affected packages

Azure Linux:3 / kernel

Package

Name: kernel
Purl: pkg:rpm/azure-linux/kernel

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

6.6.112.1-1

Database specific

source

"https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-62583.json"