🟡 Medium | Source: Microsoft Security Response Center
CVE-2025-23131 is a vulnerability in the Linux kernel’s Distributed Lock Manager (DLM) subsystem that can cause a NULL pointer dereference (NPD) when a positive value is written to the ’event_done’ interface. This type of flaw can lead to a kernel crash, potentially enabling a denial-of-service condition on affected systems. It is relevant to Azure environments running Linux-based virtual machines or services that depend on the kernel’s DLM component.
Security Architect’s Take: Review whether your Azure Linux VM workloads or services utilise the DLM kernel subsystem, and ensure kernel patches addressing CVE-2025-23131 are applied promptly via your OS update pipeline or Azure’s automatic patching mechanisms.
Original advisory: CVE-2025-23131 dlm: prevent NPD when writing a positive value to event_done