🟠 High | Source: Microsoft Security Response Center
CVE-2025-21825 is a Linux kernel vulnerability affecting the BPF (Berkeley Packet Filter) timer subsystem, specifically in real-time kernel configurations (PREEMPT_RT). The flaw relates to improper cancellation of running BPF timers, which could lead to use-after-free conditions or system instability. This matters for Azure environments running Linux-based virtual machines or containerised workloads on real-time kernel builds.
Security Architect’s Take: Review whether any Azure Linux VMs or AKS node pools are running PREEMPT_RT-enabled kernels, and prioritise applying the relevant kernel patch. If real-time kernels are not in use, exposure is minimal, but standard patching cycles should still account for this fix.
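One way to run the review described above on a single Linux VM or AKS node, as an added example that is not part of the MSRC advisory: it reads `uname -v` and the kernel build config to report whether the kernel is a PREEMPT_RT build with the BPF syscall enabled. The function names, the output labels and the `/boot/config-*` location are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the advisory): report whether a kernel meets the
# PREEMPT_RT + BPF precondition described for CVE-2025-21825.

# has_opt FILE OPTION -> succeeds if OPTION=y is set in a kernel config file
# (plain text, or gzip-compressed like /proc/config.gz).
has_opt() {
    [ -r "$1" ] || return 1
    case "$1" in
        *.gz) gzip -dc "$1" ;;
        *)    cat "$1" ;;
    esac | grep -q "^$2=y\$"
}

# classify_kernel UNAME_V CONFIG_FILE
# Prints one label: rt-bpf (prioritise the patch), rt-no-bpf,
# rt-bpf-unknown (RT kernel, config unreadable), or not-rt (normal cycle).
classify_kernel() {
    rt=no
    # RT builds advertise themselves in `uname -v`; older RT patch sets
    # printed "PREEMPT RT" with a space.
    case "$1" in
        *PREEMPT_RT*|*"PREEMPT RT"*) rt=yes ;;
    esac
    # The build config is a second, independent source of evidence.
    if has_opt "$2" CONFIG_PREEMPT_RT; then rt=yes; fi

    if [ "$rt" = no ]; then
        echo not-rt
    elif [ ! -r "$2" ]; then
        echo rt-bpf-unknown
    elif has_opt "$2" CONFIG_BPF_SYSCALL; then
        echo rt-bpf
    else
        echo rt-no-bpf
    fi
}

# Live check on the current host. The config path is the common distro
# location and is an assumption; some images only expose /proc/config.gz.
cfg="/boot/config-$(uname -r)"
[ -r "$cfg" ] || cfg=/proc/config.gz
echo "$(uname -r): $(classify_kernel "$(uname -v)" "$cfg")"
```

A result of `rt-bpf` or `rt-bpf-unknown` marks the host for prioritised patching; whether the installed kernel already carries the fix still has to be confirmed against the distribution's own advisory.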
Original advisory: CVE-2025-21825 bpf: Cancel the running bpf_timer through kworker for PREEMPT_RT