🟠 High | Source: Microsoft Security Response Center
CVE-2025-40158 is a Linux kernel vulnerability in the IPv6 transmit path: ip6_output() accesses per-device IPv6 state without holding an RCU read-side lock, so a concurrent device or network-namespace teardown can free that state while a packet is still being sent. The result is a use-after-free, which in practice means a kernel crash (denial of service) and, as with any kernel memory-corruption bug, cannot be ruled out as a route to code execution. It is relevant to Azure environments running Linux virtual machines or containerised workloads, because containers share the node's kernel and any IPv6 traffic that reaches the node exercises this path.
Security Architect’s Take: Inventory the running kernel on your Azure Linux VMs (uname -r) and AKS node pools (kubectl get nodes -o wide shows KERNEL-VERSION), compare each against the first fixed kernel release listed in your distribution's CVE tracker, and prioritise patching anything older. For AKS, the fix arrives through a node image upgrade (az aks nodepool upgrade --node-image-only), so do not wait for the next cluster version bump. If live patching is available via your distribution (e.g. Ubuntu Livepatch, Red Hat kpatch), apply it without waiting for a maintenance window, but confirm the vendor has actually shipped a live patch for this CVE: not every fix is live-patchable, and where it is not, a kernel update and reboot are still required.
Original advisory: CVE-2025-40158 ipv6: use RCU in ip6_output()