AZL-63699

See a problem?

Import Source

https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-63699.json

JSON Data

https://api.test.osv.dev/v1/vulns/AZL-63699

Upstream

CVE-2025-38003

Published

2025-06-08T11:15:20Z

Modified

2026-04-01T05:20:11.913410Z

Summary

CVE-2025-38003 affecting package kernel for versions less than 6.6.96.1-1

Details

In the Linux kernel, the following vulnerability has been resolved:

can: bcm: add missing rcu read protection for procfs content

When the procfs content is generated for a bcm_op which is in the process to be removed the procfs output might show unreliable data (UAF).

As the removal of bcmop's is already implemented with rcu handling this patch adds the missing rcuread_lock() and makes sure the list entries are properly removed under rcu protection.

References

https://nvd.nist.gov/vuln/detail/CVE-2025-38003

Affected packages

Azure Linux:3 / kernel

Package

Name: kernel
Purl: pkg:rpm/azure-linux/kernel

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

6.6.96.1-1

Database specific

source

"https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-63699.json"