AZL-69956

See a problem?

Import Source

https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-69956.json

JSON Data

https://api.test.osv.dev/v1/vulns/AZL-69956

Upstream

CVE-2025-40111

Published

2025-11-12T02:15:33Z

Modified

2026-04-01T05:21:39.910010Z

Summary

CVE-2025-40111 affecting package kernel for versions less than 6.6.117.1-1

Details

In the Linux kernel, the following vulnerability has been resolved:

drm/vmwgfx: Fix Use-after-free in validation

Nodes stored in the validation duplicates hashtable come from an arena allocator that is cleared at the end of vmwexecbufprocess. All nodes are expected to be cleared in vmwvalidationdrop_ht but this node escaped because its resource was destroyed prematurely.

References

https://nvd.nist.gov/vuln/detail/CVE-2025-40111

Affected packages

Azure Linux:3 / kernel

Package

Name: kernel
Purl: pkg:rpm/azure-linux/kernel

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

6.6.117.1-1

Database specific

source

"https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-69956.json"