CVE-2026-46274: Linux io-wq Kernel Flaw Affects Azure

🟠 High | Source: Microsoft Security Response Center

CVE-2026-46274 is a Linux kernel vulnerability affecting the io-wq (io_uring work queue) subsystem, specifically a missing hash check in the io_wq_remove_pending() function. This flaw can lead to incorrect handling of predecessor nodes, potentially causing memory corruption or undefined behaviour. It is relevant to Azure environments where Linux-based virtual machines or container workloads rely on the affected kernel component.

Security Architect’s Take: Ensure Azure Linux VMs and AKS node pools are running patched kernel versions that include this fix; review your OS image update cadence and consider enabling automatic kernel updates for workloads exposed to untrusted or multi-tenant I/O operations. ...

18 June 2025 · ZX Cloud Security

CVE-2026-46293: Linux Kernel Out-of-Bounds Flaw on Azure

🟡 Medium | Source: Microsoft Security Response Center

CVE-2026-46293 is a Linux kernel vulnerability affecting the Microchip PolarFire SoC clock controller driver, specifically an out-of-bounds memory access that can occur during clock output registration. Although rooted in low-level kernel code, its presence in the Linux kernel means it could affect Azure infrastructure or Linux-based virtual machines and containers running on Azure. Out-of-bounds access flaws can potentially be exploited to cause system instability or, in more serious scenarios, enable privilege escalation. ...

18 June 2024 · ZX Cloud Security

CVE-2026-46291: Linux CAAM HMAC Key Leak on Azure

🟡 Medium | Source: Microsoft Security Response Center

CVE-2026-46291 is a vulnerability in the Linux kernel’s CAAM (Cryptographic Acceleration and Assurance Module) driver, specifically affecting how HMAC key material is handled during hash digest key operations. The flaw can expose sensitive cryptographic key data through unguarded hex dumps, potentially leaking HMAC secrets into kernel logs or debug output. This matters because HMAC keys exposed in this way could undermine the integrity and authenticity guarantees of cryptographic operations running on affected systems, including those hosted in Azure environments using Linux-based virtual machines. ...

18 June 2024 · ZX Cloud Security

CVE-2026-46292: Linux Kernel pmdomain Flaw in Azure

🟡 Medium | Source: Microsoft Security Response Center

CVE-2026-46292 is a Linux kernel vulnerability affecting the power management domain (pmdomain) subsystem, specifically a flaw in the detach procedure for virtual devices within the Generic Power Domain (genpd) framework. While published via Microsoft’s Security Response Centre in the context of Azure, this is a kernel-level issue that could affect Linux-based virtual machines and container hosts. Improper handling of virtual device detachment may lead to memory corruption or instability, with potential security implications depending on exploitability. ...

18 June 2024 · ZX Cloud Security

CVE-2026-43308: Linux btrfs Kernel Panic Fix – Azure

🟡 Medium | Source: Microsoft Security Response Center

CVE-2026-43308 is a Linux kernel vulnerability in the btrfs filesystem driver, where an unexpected delayed reference type could trigger a kernel panic (BUG()). The fix prevents the kernel from crashing in this scenario by handling the unexpected condition gracefully. Although published via Microsoft’s security advisory channel for Azure, the underlying issue affects any Linux system using the btrfs filesystem, including Azure Linux-based virtual machines. ...

18 June 2024 · ZX Cloud Security

CVE-2025-71072: Azure Linux Kernel shmem Rename Fix

🟡 Medium | Source: Microsoft Security Response Center

CVE-2025-71072 addresses a flaw in the Linux kernel’s shared memory (shmem) subsystem related to improper recovery handling during rename failures. This type of vulnerability can lead to memory corruption or inconsistent filesystem state. While details remain limited, kernel-level memory management bugs can be exploited to cause instability or, in certain conditions, may be leveraged for privilege escalation.

Security Architect’s Take: Review whether your Azure Linux-based workloads — including AKS nodes, Linux VMs, and container hosts — are running kernel versions affected by this shmem rename issue, and prioritise patching via Azure Update Manager or your node image upgrade pipeline. ...

18 June 2024 · ZX Cloud Security

CVE-2025-71073: Azure Linux Kernel lkkbd Driver Flaw

🟡 Medium | Source: Microsoft Security Response Center

CVE-2025-71073 is a Linux kernel vulnerability in the lkkbd (Linux keyboard) driver, where pending work is not properly cancelled before the device is freed, potentially causing a use-after-free condition. Although published via Microsoft’s Security Response Center under the Azure category, this is a kernel-level issue that could affect Linux-based virtual machines or containerised workloads running on Azure. If exploitable, such vulnerabilities can lead to memory corruption, system instability, or privilege escalation. ...

18 June 2024 · ZX Cloud Security
