AZL-68942

See a problem?

Import Source

https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-68942.json

JSON Data

https://api.test.osv.dev/v1/vulns/AZL-68942

Upstream

CVE-2025-40071

Published

2025-10-28T12:15:41Z

Modified

2026-04-01T05:21:30.996708Z

Summary

CVE-2025-40071 affecting package kernel for versions less than 6.6.112.1-2

Details

In the Linux kernel, the following vulnerability has been resolved:

tty: n_gsm: Don't block input queue by waiting MSC

Currently gsmqueue() processes incoming frames and when opening a DLC channel it calls gsmdlciopen() which calls gsmmodemupdate(). If basic mode is used it calls gsmmodemupdvia_msc() and it cannot block the input queue by waiting the response to come into the same input queue.

Instead allow sending Modem Status Command without waiting for remote end to respond. Define a new function gsmmodemsendinitialmsc() for this purpose. As MSC is only valid for basic encoding, it does not do anything for advanced or when convergence layer type 2 is used.

References

https://nvd.nist.gov/vuln/detail/CVE-2025-40071

Affected packages

Azure Linux:3 / kernel

Package

Name: kernel
Purl: pkg:rpm/azure-linux/kernel

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

6.6.112.1-2

Database specific

source

"https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-68942.json"