AZL-72974

See a problem?

Import Source

https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-72974.json

JSON Data

https://api.test.osv.dev/v1/vulns/AZL-72974

Upstream

CVE-2025-38474

Published

2025-07-28T12:15:29Z

Modified

2026-04-01T05:22:35.684467Z

Summary

CVE-2025-38474 affecting package kernel for versions less than 5.15.200.1-1

Details

In the Linux kernel, the following vulnerability has been resolved:

usb: net: sierra: check for no status endpoint

The driver checks for having three endpoints and having bulk in and out endpoints, but not that the third endpoint is interrupt input. Rectify the omission.

References

https://nvd.nist.gov/vuln/detail/CVE-2025-38474

Affected packages

Azure Linux:2 / kernel

Package

Name: kernel
Purl: pkg:rpm/azure-linux/kernel

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

5.15.200.1-1

Database specific

source

"https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-72974.json"