🟠 High | Source: Microsoft Security Response Center
CVE-2025-68736 is a vulnerability in the Linux kernel’s Landlock security module, specifically relating to incorrect handling of disconnected directories. Landlock is a sandboxing mechanism that restricts what files and directories a process can access. A flaw in this logic could allow a process to access filesystem paths it should be denied, potentially bypassing intended access controls.
Security Architect’s Take: Review Linux-based Azure workloads — particularly containerised or sandboxed environments — and ensure kernel patches addressing this CVE are applied promptly. If you rely on Landlock for process-level filesystem isolation, treat this as a priority update until patched.
Original advisory: CVE-2025-68736 landlock: Fix handling of disconnected directories
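To act on the recommendation above, the first step is finding which hosts actually have Landlock active in the running kernel. The script below is an added example, not part of the Microsoft advisory or the kernel patch. It assumes securityfs is mounted at the usual /sys/kernel/security path, and the function names `landlock_state` and `triage_line` are made up for illustration.

```shell
#!/bin/sh
# Added example: report whether the running kernel has the Landlock LSM active,
# alongside the kernel release, as one inventory line per host.
# Assumption: securityfs is mounted at /sys/kernel/security.

# landlock_state [FILE] -> prints one of: active | inactive | unknown
landlock_state() {
    lsm_file=${1:-/sys/kernel/security/lsm}
    if [ ! -r "$lsm_file" ]; then
        # securityfs not mounted or not readable: cannot tell either way
        echo unknown
        return 0
    fi
    # The file is a single comma-separated line, for example
    # "lockdown,capability,landlock,yama". Strip whitespace, then match
    # whole tokens only, so a name that merely contains "landlock" is not counted.
    lsms=$(tr -d ' \n' < "$lsm_file")
    case ",$lsms," in
        *,landlock,*) echo active ;;
        *)            echo inactive ;;
    esac
}

# triage_line [FILE] -> "<hostname> kernel=<release> landlock=<state>"
triage_line() {
    printf '%s kernel=%s landlock=%s\n' \
        "$(uname -n)" "$(uname -r)" "$(landlock_state "$1")"
}

# Print the line for this host when the script is run directly.
triage_line
```

The advisory summary here does not list fixed kernel versions, so compare the reported release against your distribution's notice for CVE-2025-68736. An `active` result only means the kernel exposes Landlock; whether a given workload depends on it for isolation still has to be confirmed per application.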