AZL-74327

See a problem?

Import Source

https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-74327.json

JSON Data

https://api.test.osv.dev/v1/vulns/AZL-74327

Upstream

CVE-2025-68799

Published

2026-01-13T16:16:01Z

Modified

2026-04-01T05:22:22.458528Z

Summary

CVE-2025-68799 affecting package kernel for versions less than 6.6.121.1-1

Details

In the Linux kernel, the following vulnerability has been resolved:

caif: fix integer underflow in cffrml_receive()

The cffrml_receive() function extracts a length field from the packet header and, when FCS is disabled, subtracts 2 from this length without validating that len >= 2.

If an attacker sends a malicious packet with a length field of 0 or 1 to an interface with FCS disabled, the subtraction causes an integer underflow.

This can lead to memory exhaustion and kernel instability, potential information disclosure if padding contains uninitialized kernel memory.

Fix this by validating that len >= 2 before performing the subtraction.

References

https://nvd.nist.gov/vuln/detail/CVE-2025-68799

Affected packages

Azure Linux:3 / kernel

Package

Name: kernel
Purl: pkg:rpm/azure-linux/kernel

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

6.6.121.1-1

Database specific

source

"https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-74327.json"