bpf: Disable migration in nf_hook_run_bpf(). — CVE-2025-38640

Summary

Advisory CVE-2025-38640. bpf: Disable migration in nf_hook_run_bpf(). Vendor: Microsoft. Source: MSRC. Threat: medium. CVSS 5.5. See the official advisory for details.

What to do

General, cautious steps (verify details in the official source):

• Review exposure and plan remediation based on risk and environment.
• Identify affected product versions in your inventory and verify whether you are impacted.
• Apply vendor patches/updates or recommended mitigations as soon as available.
• Read the official advisory for exact affected versions and remediation steps.

Official advisory

Read the official source

Related advisories

• An integer overflow in the tt_var_load_item_variation_store function of the Freetype library in versions 2.13.2 and 2.13… CVE-2026-23865
• fbdev: smscufx: properly copy ioctl memory to kernelspace CVE-2026-23236
• platform/x86: classmate-laptop: Add missing NULL pointer checks CVE-2026-23237
• romfs: check sb_set_blocksize() return value CVE-2026-23238
• scsi: qla2xxx: Fix bsg_done() causing double free CVE-2025-71238
• Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. CVE-2025-37782
• __Host-/__Secure- cookie bypass due to partial CVE-2022-31629 fix CVE-2024-2756
• <vuln:Note Title="FAQ" Type="FAQ" Ordinal="10">&lt;p&gt;&lt;strong&gt;Is Azure Linux the only Microsoft product that inc CVE-2025-23167
• <vuln:Note Title="Mariner" Type="Tag" Ordinal="20">Mariner CVE-2022-27651
• <vuln:Note Title="Mariner" Type="Tag" Ordinal="20">Mariner CVE-2022-2795
• <vuln:Note Title="Mariner" Type="Tag" Ordinal="20">Mariner CVE-2021-3602
• <vuln:Note Title="Mariner" Type="Tag" Ordinal="20">Mariner CVE-2021-3636