<?xml version="1.0" encoding="utf-8" standalone="yes"?><rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom" xmlns:content="http://purl.org/rss/1.0/modules/content/"><channel><title>Linux-Kernel on ZX Cloud Security</title><link>https://zxcloudsecurity.co.uk/tags/linux-kernel/</link><description>Recent content in Linux-Kernel on ZX Cloud Security</description><generator>Hugo</generator><language>en-GB</language><lastBuildDate>Wed, 18 Jun 2025 08:50:04 +0000</lastBuildDate><atom:link href="https://zxcloudsecurity.co.uk/tags/linux-kernel/index.xml" rel="self" type="application/rss+xml"/><item><title>CVE-2026-46274: Linux io-wq Kernel Flaw Affects Azure</title><link>https://zxcloudsecurity.co.uk/posts/cve-2026-46274-linux-io-wq-kernel-vulnerability-azure/</link><pubDate>Thu, 18 Jun 2026 08:50:04 +0000</pubDate><guid>https://zxcloudsecurity.co.uk/posts/cve-2026-46274-linux-io-wq-kernel-vulnerability-azure/</guid><description>CVE-2026-46274 fixes a missing hash check in Linux io_wq_remove_pending(), risking memory corruption on Azure Linux VMs and AKS workloads.</description><content:encoded><![CDATA[<p>🟠 <strong>High</strong>  |  <strong>Source:</strong> <a href="https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-46274">Microsoft Security Response Center</a></p>
<hr>
<p>CVE-2026-46274 is a Linux kernel vulnerability affecting the io-wq (io_uring work queue) subsystem, specifically a missing hash check in the io_wq_remove_pending() function. This flaw can lead to incorrect handling of predecessor nodes, potentially causing memory corruption or undefined behaviour. It is relevant to Azure environments where Linux-based virtual machines or container workloads rely on the affected kernel component.</p>
<blockquote>
<p><strong>Security Architect&rsquo;s Take:</strong> Ensure Azure Linux VMs and AKS node pools are running patched kernel versions that include this fix; review your OS image update cadence and consider enabling automatic kernel updates for workloads exposed to untrusted or multi-tenant I/O operations.</p>
</blockquote>
<p><strong>Original advisory:</strong> <a href="https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-46274">CVE-2026-46274 io-wq: check that the predecessor is hashed in io_wq_remove_pending()</a></p>
]]></content:encoded></item><item><title>CVE-2026-46293: Linux Kernel Out-of-Bounds Flaw on Azure</title><link>https://zxcloudsecurity.co.uk/posts/azure-linux-kernel-out-of-bounds-cve-2026-46293/</link><pubDate>Thu, 18 Jun 2026 08:50:27 +0000</pubDate><guid>https://zxcloudsecurity.co.uk/posts/azure-linux-kernel-out-of-bounds-cve-2026-46293/</guid><description>CVE-2026-46293 is a Linux kernel out-of-bounds access bug in the Microchip clock driver. Learn the impact for Azure workloads and how to remediate.</description><content:encoded><![CDATA[<p>🟡 <strong>Medium</strong>  |  <strong>Source:</strong> <a href="https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-46293">Microsoft Security Response Center</a></p>
<hr>
<p>CVE-2026-46293 is a Linux kernel vulnerability affecting the Microchip PolarFire SoC clock controller driver, specifically an out-of-bounds memory access that can occur during clock output registration. Although rooted in low-level kernel code, its presence in the Linux kernel means it could affect Azure infrastructure or Linux-based virtual machines and containers running on Azure. Out-of-bounds access flaws can potentially be exploited to cause system instability or, in more serious scenarios, enable privilege escalation.</p>
<blockquote>
<p><strong>Security Architect&rsquo;s Take:</strong> Review whether your Azure Linux VMs, AKS node pools, or other Linux-based workloads run kernel versions affected by this driver vulnerability, and prioritise applying the relevant kernel patch via your distribution&rsquo;s update mechanism or Azure&rsquo;s automatic VM patching where available.</p>
</blockquote>
<p><strong>Original advisory:</strong> <a href="https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-46293">CVE-2026-46293 clk: microchip: mpfs-ccc: fix out of bounds access during output registration</a></p>
]]></content:encoded></item><item><title>CVE-2026-46291: Linux CAAM HMAC Key Leak on Azure</title><link>https://zxcloudsecurity.co.uk/posts/cve-2026-46291-linux-caam-hmac-key-leak-azure/</link><pubDate>Thu, 18 Jun 2026 08:50:14 +0000</pubDate><guid>https://zxcloudsecurity.co.uk/posts/cve-2026-46291-linux-caam-hmac-key-leak-azure/</guid><description>CVE-2026-46291 exposes HMAC key material via unguarded hex dumps in the Linux kernel CAAM driver. Azure Linux VM users should patch promptly.</description><content:encoded><![CDATA[<p>🟡 <strong>Medium</strong>  |  <strong>Source:</strong> <a href="https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-46291">Microsoft Security Response Center</a></p>
<hr>
<p>CVE-2026-46291 is a vulnerability in the Linux kernel&rsquo;s CAAM (Cryptographic Acceleration and Assurance Module) driver, specifically affecting how HMAC key material is handled during hash digest key operations. The flaw can expose sensitive cryptographic key data through unguarded hex dumps, potentially leaking HMAC secrets into kernel logs or debug output. This matters because HMAC keys exposed in this way could undermine the integrity and authenticity guarantees of cryptographic operations running on affected systems, including those hosted in Azure environments using Linux-based virtual machines.</p>
<blockquote>
<p><strong>Security Architect&rsquo;s Take:</strong> Review your Azure Linux VM and AKS node configurations to ensure that access to kernel debug logging and crash dumps is restricted to authorised personnel, and prioritise patching the Linux kernel to a version that includes this fix. Additionally, audit any workloads relying on kernel-level HMAC operations for secrets management to assess exposure risk.</p>
</blockquote>
<p><strong>Original advisory:</strong> <a href="https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-46291">CVE-2026-46291 crypto: caam - guard HMAC key hex dumps in hash_digest_key</a></p>
]]></content:encoded></item><item><title>CVE-2026-46292: Linux Kernel pmdomain Flaw in Azure</title><link>https://zxcloudsecurity.co.uk/posts/cve-2026-46292-linux-kernel-pmdomain-genpd-azure/</link><pubDate>Thu, 18 Jun 2026 08:49:51 +0000</pubDate><guid>https://zxcloudsecurity.co.uk/posts/cve-2026-46292-linux-kernel-pmdomain-genpd-azure/</guid><description>CVE-2026-46292 is a Linux kernel pmdomain/genpd vulnerability affecting Azure Linux VMs. Learn the security impact and recommended mitigations.</description><content:encoded><![CDATA[<p>🟡 <strong>Medium</strong>  |  <strong>Source:</strong> <a href="https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-46292">Microsoft Security Response Center</a></p>
<hr>
<p>CVE-2026-46292 is a Linux kernel vulnerability affecting the power management domain (pmdomain) subsystem, specifically a flaw in the detach procedure for virtual devices within the Generic Power Domain (genpd) framework. While published via Microsoft&rsquo;s Security Response Center in the context of Azure, this is a kernel-level issue that could affect Linux-based virtual machines and container hosts. Improper handling of virtual device detachment may lead to memory corruption or instability, with potential security implications depending on exploitability.</p>
<blockquote>
<p><strong>Security Architect&rsquo;s Take:</strong> Review whether your Azure Linux VM or AKS node pool images are running kernel versions affected by this flaw, and prioritise patching through your standard OS update pipeline or by adopting Microsoft&rsquo;s latest endorsed Linux images. If you operate workloads with elevated kernel exposure — such as nested virtualisation or custom kernel modules — treat this with heightened urgency.</p>
</blockquote>
<p><strong>Original advisory:</strong> <a href="https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-46292">CVE-2026-46292 pmdomain: core: Fix detach procedure for virtual devices in genpd</a></p>
]]></content:encoded></item><item><title>CVE-2026-43308: Linux btrfs Kernel Panic Fix – Azure</title><link>https://zxcloudsecurity.co.uk/posts/azure-linux-kernel-btrfs-kernel-panic-cve-2026-43308/</link><pubDate>Thu, 18 Jun 2026 08:48:34 +0000</pubDate><guid>https://zxcloudsecurity.co.uk/posts/azure-linux-kernel-btrfs-kernel-panic-cve-2026-43308/</guid><description>CVE-2026-43308 fixes a Linux kernel btrfs bug that could cause a kernel panic on Azure VMs. Learn the impact and recommended patching steps.</description><content:encoded><![CDATA[<p>🟡 <strong>Medium</strong>  |  <strong>Source:</strong> <a href="https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-43308">Microsoft Security Response Center</a></p>
<hr>
<p>CVE-2026-43308 is a Linux kernel vulnerability in the btrfs filesystem driver, where an unexpected delayed reference type could trigger a kernel panic (BUG()). The fix prevents the kernel from crashing in this scenario by handling the unexpected condition gracefully. Although published via Microsoft&rsquo;s security advisory channel for Azure, the underlying issue affects any Linux system using the btrfs filesystem, including Azure Linux-based virtual machines.</p>
<blockquote>
<p><strong>Security Architect&rsquo;s Take:</strong> Review whether your Azure Linux VMs or AKS nodes are running kernels with btrfs as an active filesystem; if so, prioritise patching the host or guest kernel to the version that includes this fix. Monitor for Microsoft-released kernel updates for Azure-optimised Linux images and ensure your update pipelines apply them promptly.</p>
</blockquote>
<p><strong>Original advisory:</strong> <a href="https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-43308">CVE-2026-43308 btrfs: don&rsquo;t BUG() on unexpected delayed ref type in run_one_delayed_ref()</a></p>
]]></content:encoded></item><item><title>CVE-2025-71072: Azure Linux Kernel shmem Rename Fix</title><link>https://zxcloudsecurity.co.uk/posts/azure-linux-kernel-shmem-rename-cve-2025-71072/</link><pubDate>Thu, 18 Jun 2026 08:48:17 +0000</pubDate><guid>https://zxcloudsecurity.co.uk/posts/azure-linux-kernel-shmem-rename-cve-2025-71072/</guid><description>CVE-2025-71072 fixes a Linux kernel shmem rename failure recovery bug affecting Azure workloads. Learn the risk and how to patch.</description><content:encoded><![CDATA[<p>🟡 <strong>Medium</strong>  |  <strong>Source:</strong> <a href="https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-71072">Microsoft Security Response Center</a></p>
<hr>
<p>CVE-2025-71072 addresses a flaw in the Linux kernel&rsquo;s shared memory (shmem) subsystem related to improper recovery handling during rename failures. This type of vulnerability can lead to memory corruption or inconsistent filesystem state. While details remain limited, kernel-level memory management bugs can be exploited to cause instability or, in certain conditions, may be leveraged for privilege escalation.</p>
<blockquote>
<p><strong>Security Architect&rsquo;s Take:</strong> Review whether your Azure Linux-based workloads — including AKS nodes, Linux VMs, and container hosts — are running kernel versions affected by this shmem rename issue, and prioritise patching via Azure Update Manager or your node image upgrade pipeline.</p>
</blockquote>
<p><strong>Original advisory:</strong> <a href="https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-71072">CVE-2025-71072 shmem: fix recovery on rename failures</a></p>
]]></content:encoded></item><item><title>CVE-2025-71073: Azure Linux Kernel lkkbd Driver Flaw</title><link>https://zxcloudsecurity.co.uk/posts/cve-2025-71073-azure-linux-kernel-lkkbd-use-after-free/</link><pubDate>Thu, 18 Jun 2026 08:48:00 +0000</pubDate><guid>https://zxcloudsecurity.co.uk/posts/cve-2025-71073-azure-linux-kernel-lkkbd-use-after-free/</guid><description>CVE-2025-71073 is a Linux kernel lkkbd driver use-after-free vulnerability affecting Azure Linux workloads. Patch promptly to prevent memory corruption ris</description><content:encoded><![CDATA[<p>🟡 <strong>Medium</strong>  |  <strong>Source:</strong> <a href="https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-71073">Microsoft Security Response Center</a></p>
<hr>
<p>CVE-2025-71073 is a Linux kernel vulnerability in the lkkbd (Linux keyboard) driver, where pending work is not properly cancelled before the device is freed, potentially causing a use-after-free condition. Although published via Microsoft&rsquo;s Security Response Center under the Azure category, this is a kernel-level issue that could affect Linux-based virtual machines or containerised workloads running on Azure. If exploitable, such vulnerabilities can lead to memory corruption, system instability, or privilege escalation.</p>
<blockquote>
<p><strong>Security Architect&rsquo;s Take:</strong> Review whether your Azure Linux VM images or AKS node pools are running kernel versions affected by this driver flaw, and apply available kernel patches promptly. If you manage custom Linux images, prioritise patching through your image pipeline and validate that automated OS update policies are enforced across your fleet.</p>
</blockquote>
<p><strong>Original advisory:</strong> <a href="https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-71073">CVE-2025-71073 Input: lkkbd - disable pending work before freeing device</a></p>
]]></content:encoded></item></channel></rss>