🟡 Medium  |  Source: Microsoft Security Response Center


CVE-2025-71073 is a Linux kernel vulnerability in the lkkbd (Linux keyboard) driver, where pending work is not properly cancelled before the device is freed, potentially causing a use-after-free condition. Although published via Microsoft’s Security Response Center under the Azure category, this is a kernel-level issue that could affect Linux-based virtual machines or containerised workloads running on Azure. If exploitable, such vulnerabilities can lead to memory corruption, system instability, or privilege escalation.

Security Architect’s Take: Review whether your Azure Linux VM images or AKS node pools are running kernel versions affected by this driver flaw, and apply available kernel patches promptly. If you manage custom Linux images, prioritise patching through your image pipeline and validate that automated OS update policies are enforced across your fleet.
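A first triage step for that review is checking whether an image carries the lkkbd driver at all. The script below is an added example, not part of the advisory: it assumes the kernel config is at /boot/config-<release>, and it uses the upstream Kconfig symbol CONFIG_KEYBOARD_LKKBD and the module name lkkbd. It does not tell you whether the running kernel version is patched.

```shell
#!/bin/sh
# Added example: report how the lkkbd driver is present on a host or image.
# Usage: lkkbd_exposure [kernel-config] [modules-list] [module-tree]
# Defaults are assumptions about a typical distro layout.
lkkbd_exposure() {
    config=${1:-/boot/config-$(uname -r)}
    modules=${2:-/proc/modules}
    tree=${3:-/lib/modules/$(uname -r)}

    # Compiled into the kernel image: the driver code is always present.
    if [ -r "$config" ] && grep -q '^CONFIG_KEYBOARD_LKKBD=y$' "$config"; then
        echo builtin
        return 0
    fi

    # Loaded right now (first field of /proc/modules is the module name).
    if [ -r "$modules" ] && grep -q '^lkkbd ' "$modules"; then
        echo loaded
        return 0
    fi

    # Shipped as a loadable module but not loaded; the file may be
    # compressed (lkkbd.ko.xz, lkkbd.ko.zst), hence the glob.
    if [ -d "$tree" ] && find "$tree" -name 'lkkbd.ko*' 2>/dev/null | grep -q .; then
        echo module-available
        return 0
    fi

    # None of the checks matched. An unreadable config file also ends here,
    # so treat this as "not found", not as proof of absence.
    echo absent
}

# Run against the local host when executed directly.
lkkbd_exposure "$@"
```

Run it on each image or node and record the result next to the kernel release (`uname -r`), so hosts reporting `builtin`, `loaded` or `module-available` can be matched against the vendor's fixed kernel versions.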

Original advisory: CVE-2025-71073 Input: lkkbd - disable pending work before freeing device