AZL-70448

See a problem?

Import Source

https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-70448.json

JSON Data

https://api.test.osv.dev/v1/vulns/AZL-70448

Upstream

CVE-2025-38369

Published

2025-07-25T13:15:25Z

Modified

2026-04-01T05:21:45.677700Z

Summary

CVE-2025-38369 affecting package kernel 5.15.200.1-1

Details

In the Linux kernel, the following vulnerability has been resolved:

dmaengine: idxd: Check availability of workqueue allocated by idxd wq driver before using

Running IDXD workloads in a container with the /dev directory mounted can trigger a call trace or even a kernel panic when the parent process of the container is terminated.

This issue occurs because, under certain configurations, Docker does not properly propagate the mount replica back to the original mount point.

In this case, when the user driver detaches, the WQ is destroyed but it still calls destroy_workqueue() attempting to completes all pending work. It's necessary to check wq->wq and skip the drain if it no longer exists.

References

https://nvd.nist.gov/vuln/detail/CVE-2025-38369

Affected packages

Azure Linux:2 / kernel

Package

Name: kernel
Purl: pkg:rpm/azure-linux/kernel

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Last affected

5.15.200.1-1

Database specific

source

"https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-70448.json"