Vulners
Lucene search
Azure Linux 3.0 Security Update: kernel (CVE-2025-37824)
| Reporter | Title | Published | Views | Family All 275 |
|---|---|---|---|---|
 | Amazon Linux 2 : kernel, --advisory ALAS2KERNEL-5.10-2025-094 (ALASKERNEL-5.10-2025-094) | 9 Jun 202500:00 | – | nessus |
| Amazon Linux 2 : kernel, --advisory ALAS2KERNEL-5.4-2025-102 (ALASKERNEL-5.4-2025-102) | 29 May 202500:00 | – | nessus |
| Debian dla-4178 : ata-modules-5.10.0-34-armmp-di - security update | 26 May 202500:00 | – | nessus |
| Debian dla-4193 : linux-config-6.1 - security update | 29 May 202500:00 | – | nessus |
| EulerOS 2.0 SP12 : kernel (EulerOS-SA-2025-2012) | 10 Sep 202500:00 | – | nessus |
| EulerOS 2.0 SP12 : kernel (EulerOS-SA-2025-2043) | 10 Sep 202500:00 | – | nessus |
| EulerOS 2.0 SP11 : kernel (EulerOS-SA-2025-2198) | 11 Oct 202500:00 | – | nessus |
| EulerOS 2.0 SP11 : kernel (EulerOS-SA-2025-2230) | 11 Oct 202500:00 | – | nessus |
| EulerOS 2.0 SP13 : kernel (EulerOS-SA-2025-2264) | 24 Oct 202500:00 | – | nessus |
| EulerOS 2.0 SP13 : kernel (EulerOS-SA-2025-2296) | 24 Oct 202500:00 | – | nessus |
10
#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
##
include('compat.inc');
if (description)
{
script_id(296185);
script_version("1.1");
script_set_attribute(attribute:"plugin_modification_date", value:"2026/01/22");
script_cve_id("CVE-2025-37824");
script_name(english:"Azure Linux 3.0 Security Update: kernel (CVE-2025-37824)");
script_set_attribute(attribute:"synopsis", value:
"The remote Azure Linux host is missing one or more security updates.");
script_set_attribute(attribute:"description", value:
"The version of kernel installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore,
affected by a vulnerability as referenced in the CVE-2025-37824 advisory.
- In the Linux kernel, the following vulnerability has been resolved: tipc: fix NULL pointer dereference in
tipc_mon_reinit_self() syzbot reported: tipc: Node number set to 1055423674 Oops: general protection
fault, probably for non-canonical address 0xdffffc0000000000: 0000 [#1] SMP KASAN NOPTI KASAN: null-ptr-
deref in range [0x0000000000000000-0x0000000000000007] CPU: 3 UID: 0 PID: 6017 Comm: kworker/3:5 Not
tainted 6.15.0-rc1-syzkaller-00246-g900241a5cc15 #0 PREEMPT(full) Hardware name: QEMU Standard PC (Q35 +
ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 Workqueue: events tipc_net_finalize_work RIP:
0010:tipc_mon_reinit_self+0x11c/0x210 net/tipc/monitor.c:719 ... RSP: 0018:ffffc9000356fb68 EFLAGS:
00010246 RAX: 0000000000000000 RBX: 0000000000000000 RCX: 000000003ee87cba RDX: 0000000000000000 RSI:
ffffffff8dbc56a7 RDI: ffff88804c2cc010 RBP: dffffc0000000000 R08: 0000000000000001 R09: 0000000000000000
R10: 0000000000000001 R11: 0000000000000000 R12: 0000000000000007 R13: fffffbfff2111097 R14:
ffff88804ead8000 R15: ffff88804ead9010 FS: 0000000000000000(0000) GS:ffff888097ab9000(0000)
knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 00000000f720eb00 CR3:
000000000e182000 CR4: 0000000000352ef0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 Call Trace: <TASK>
tipc_net_finalize+0x10b/0x180 net/tipc/net.c:140 process_one_work+0x9cc/0x1b70 kernel/workqueue.c:3238
process_scheduled_works kernel/workqueue.c:3319 [inline] worker_thread+0x6c8/0xf10 kernel/workqueue.c:3400
kthread+0x3c2/0x780 kernel/kthread.c:464 ret_from_fork+0x45/0x80 arch/x86/kernel/process.c:153
ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:245 </TASK> ... RIP:
0010:tipc_mon_reinit_self+0x11c/0x210 net/tipc/monitor.c:719 ... RSP: 0018:ffffc9000356fb68 EFLAGS:
00010246 RAX: 0000000000000000 RBX: 0000000000000000 RCX: 000000003ee87cba RDX: 0000000000000000 RSI:
ffffffff8dbc56a7 RDI: ffff88804c2cc010 RBP: dffffc0000000000 R08: 0000000000000001 R09: 0000000000000000
R10: 0000000000000001 R11: 0000000000000000 R12: 0000000000000007 R13: fffffbfff2111097 R14:
ffff88804ead8000 R15: ffff88804ead9010 FS: 0000000000000000(0000) GS:ffff888097ab9000(0000)
knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 00000000f720eb00 CR3:
000000000e182000 CR4: 0000000000352ef0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 There is a racing condition between
workqueue created when enabling bearer and another thread created when disabling bearer right after that
as follow: enabling_bearer | disabling_bearer --------------- | ---------------- tipc_disc_timeout() | { |
bearer_disable() ... | { schedule_work(&tn->work); | tipc_mon_delete() ... | { } | ... |
write_lock_bh(&mon->lock); | mon->self = NULL; | write_unlock_bh(&mon->lock); | ... | }
tipc_net_finalize_work() | } { | ... | tipc_net_finalize() | { | ... | tipc_mon_reinit_self() | { | ... |
write_lock_bh(&mon->lock); | mon->self->addr = tipc_own_addr(net); | write_unlock_bh(&mon->lock); | ...
---truncated--- (CVE-2025-37824)
Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version
number.");
script_set_attribute(attribute:"see_also", value:"https://nvd.nist.gov/vuln/detail/CVE-2025-37824");
script_set_attribute(attribute:"solution", value:
"Update the affected packages.");
script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:S/C:N/I:N/A:C");
script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H");
script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2025-37824");
script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
script_set_attribute(attribute:"exploit_available", value:"false");
script_set_attribute(attribute:"vuln_publication_date", value:"2025/05/08");
script_set_attribute(attribute:"patch_publication_date", value:"2025/07/08");
script_set_attribute(attribute:"plugin_publication_date", value:"2026/01/22");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:microsoft:azure_linux:bpftool");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:microsoft:azure_linux:kernel");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:microsoft:azure_linux:kernel-debuginfo");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:microsoft:azure_linux:kernel-devel");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:microsoft:azure_linux:kernel-docs");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:microsoft:azure_linux:kernel-drivers-accessibility");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:microsoft:azure_linux:kernel-drivers-gpu");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:microsoft:azure_linux:kernel-drivers-intree-amdgpu");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:microsoft:azure_linux:kernel-drivers-sound");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:microsoft:azure_linux:kernel-tools");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:microsoft:azure_linux:python3-perf");
script_set_attribute(attribute:"cpe", value:"x-cpe:/o:microsoft:azure_linux");
script_set_attribute(attribute:"generated_plugin", value:"current");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"Azure Linux Local Security Checks");
script_copyright(english:"This script is Copyright (C) 2026 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("ssh_get_info2.nasl");
script_require_keys("Host/local_checks_enabled", "Host/AzureLinux/release", "Host/AzureLinux/rpm-list", "Host/cpu");
exit(0);
}
include('rpm.inc');
if (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
var release = get_kb_item('Host/AzureLinux/release');
if (isnull(release) || 'Azure Linux' >!< release) audit(AUDIT_OS_NOT, 'Azure Linux');
var os_ver = pregmatch(pattern: "Azure Linux ([0-9]+(\.[0-9]+)?)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Azure Linux');
os_ver = os_ver[1];
if (! preg(pattern:"^3([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, 'Azure Linux 3.0', 'Azure Linux ' + os_ver);
if (!get_kb_item('Host/AzureLinux/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);
var cpu = get_kb_item('Host/cpu');
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ('x86_64' >!< cpu && cpu !~ "^i[3-6]86$" && 'aarch64' >!< cpu)
audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Azure Linux', cpu);
var pkgs = [
{'reference':'bpftool-6.6.92.2-1.azl3', 'cpu':'aarch64', 'release':'3.0', 'rpm_spec_vers_cmp':TRUE},
{'reference':'bpftool-6.6.92.2-1.azl3', 'cpu':'x86_64', 'release':'3.0', 'rpm_spec_vers_cmp':TRUE},
{'reference':'kernel-6.6.92.2-1.azl3', 'cpu':'aarch64', 'release':'3.0', 'rpm_spec_vers_cmp':TRUE},
{'reference':'kernel-6.6.92.2-1.azl3', 'cpu':'x86_64', 'release':'3.0', 'rpm_spec_vers_cmp':TRUE},
{'reference':'kernel-debuginfo-6.6.92.2-1.azl3', 'cpu':'aarch64', 'release':'3.0', 'rpm_spec_vers_cmp':TRUE},
{'reference':'kernel-debuginfo-6.6.92.2-1.azl3', 'cpu':'x86_64', 'release':'3.0', 'rpm_spec_vers_cmp':TRUE},
{'reference':'kernel-devel-6.6.92.2-1.azl3', 'cpu':'aarch64', 'release':'3.0', 'rpm_spec_vers_cmp':TRUE},
{'reference':'kernel-devel-6.6.92.2-1.azl3', 'cpu':'x86_64', 'release':'3.0', 'rpm_spec_vers_cmp':TRUE},
{'reference':'kernel-docs-6.6.92.2-1.azl3', 'cpu':'aarch64', 'release':'3.0', 'rpm_spec_vers_cmp':TRUE},
{'reference':'kernel-docs-6.6.92.2-1.azl3', 'cpu':'x86_64', 'release':'3.0', 'rpm_spec_vers_cmp':TRUE},
{'reference':'kernel-drivers-accessibility-6.6.92.2-1.azl3', 'cpu':'aarch64', 'release':'3.0', 'rpm_spec_vers_cmp':TRUE},
{'reference':'kernel-drivers-accessibility-6.6.92.2-1.azl3', 'cpu':'x86_64', 'release':'3.0', 'rpm_spec_vers_cmp':TRUE},
{'reference':'kernel-drivers-gpu-6.6.92.2-1.azl3', 'cpu':'aarch64', 'release':'3.0', 'rpm_spec_vers_cmp':TRUE},
{'reference':'kernel-drivers-gpu-6.6.92.2-1.azl3', 'cpu':'x86_64', 'release':'3.0', 'rpm_spec_vers_cmp':TRUE},
{'reference':'kernel-drivers-intree-amdgpu-6.6.92.2-1.azl3', 'cpu':'aarch64', 'release':'3.0', 'rpm_spec_vers_cmp':TRUE},
{'reference':'kernel-drivers-intree-amdgpu-6.6.92.2-1.azl3', 'cpu':'x86_64', 'release':'3.0', 'rpm_spec_vers_cmp':TRUE},
{'reference':'kernel-drivers-sound-6.6.92.2-1.azl3', 'cpu':'aarch64', 'release':'3.0', 'rpm_spec_vers_cmp':TRUE},
{'reference':'kernel-drivers-sound-6.6.92.2-1.azl3', 'cpu':'x86_64', 'release':'3.0', 'rpm_spec_vers_cmp':TRUE},
{'reference':'kernel-tools-6.6.92.2-1.azl3', 'cpu':'aarch64', 'release':'3.0', 'rpm_spec_vers_cmp':TRUE},
{'reference':'kernel-tools-6.6.92.2-1.azl3', 'cpu':'x86_64', 'release':'3.0', 'rpm_spec_vers_cmp':TRUE},
{'reference':'python3-perf-6.6.92.2-1.azl3', 'cpu':'aarch64', 'release':'3.0', 'rpm_spec_vers_cmp':TRUE},
{'reference':'python3-perf-6.6.92.2-1.azl3', 'cpu':'x86_64', 'release':'3.0', 'rpm_spec_vers_cmp':TRUE}
];
var flag = 0;
foreach var package_array ( pkgs ) {
var reference = NULL;
var _release = NULL;
var sp = NULL;
var _cpu = NULL;
var el_string = NULL;
var rpm_spec_vers_cmp = NULL;
var epoch = NULL;
var allowmaj = NULL;
var exists_check = NULL;
var cves = NULL;
if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];
if (!empty_or_null(package_array['release'])) _release = 'Azure Linux ' + package_array['release'];
if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];
if (!empty_or_null(package_array['cpu'])) _cpu = package_array['cpu'];
if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];
if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];
if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];
if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];
if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];
if (!empty_or_null(package_array['cves'])) cves = package_array['cves'];
if (reference && _release && (!exists_check || rpm_exists(release:_release, rpm:exists_check))) {
if (rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj, cves:cves)) flag++;
}
}
if (flag)
{
security_report_v4(
port : 0,
severity : SECURITY_WARNING,
extra : rpm_report_get()
);
exit(0);
}
else
{
var tested = pkg_tests_get();
if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'bpftool / kernel / kernel-debuginfo / kernel-devel / kernel-docs / etc');
}
Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation
22 Jan 2026 00:00Current
6.6Medium risk
Vulners AI Score6.6
CVSS 3.15.5
EPSS0.00164