AZL-64958

See a problem?

Import Source

https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-64958.json

JSON Data

https://api.osv.dev/v1/vulns/AZL-64958

Upstream

CVE-2025-38310

Published

2025-07-10T08:15:29Z

Modified

2026-04-21T04:32:37.537502Z

Summary

CVE-2025-38310 affecting package kernel for versions less than 6.6.96.1-1

Details

In the Linux kernel, the following vulnerability has been resolved:

seg6: Fix validation of nexthop addresses

The kernel currently validates that the length of the provided nexthop address does not exceed the specified length. This can lead to the kernel reading uninitialized memory if user space provided a shorter length than the specified one.

Fix by validating that the provided length exactly matches the specified one.

References

https://nvd.nist.gov/vuln/detail/CVE-2025-38310

Affected packages

Azure Linux:3 / kernel

Package

Name: kernel
Purl: pkg:rpm/azure-linux/kernel

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

6.6.96.1-1

Database specific

source

"https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-64958.json"