In multiple functions of mem_protect.c, there is a possible way to execute arbitrary code due to a logic error in the code.… — CVE-2026-0038

Summary

Advisory CVE-2026-0038. In multiple functions of mem_protect.c, there is a possible way to execute arbitrary code due to a logic error in the code.… Vendor: Microsoft. Source: MSRC. Threat: high. CVSS 8.4. See the official advisory for…

What to do

General, cautious steps (verify details in the official source):

• Prioritize patching or mitigation immediately (treat as actively risky).
• Identify affected product versions in your inventory and verify whether you are impacted.
• Apply vendor patches/updates or recommended mitigations as soon as available.
• Read the official advisory for exact affected versions and remediation steps.

Official advisory

Read the official source

Related advisories

• A buffer overflow vulnerability exists in libsndfile version 1.2.2 and potentially earlier versions… CVE-2025-52194
• Azure Stack Hub Information Disclosure Vulnerability CVE-2025-53793
• Azure Virtual Machines Information Disclosure Vulnerability CVE-2025-53781
• Azure Virtual Machines Spoofing Vulnerability CVE-2025-49707
• bpf, ktls: Fix data corruption when using bpf_msg_pop_data() in ktls CVE-2025-38608
• bpf: Fix oob access in cgroup local storage CVE-2025-38502
• clone_private_mnt(): make sure that caller has CAP_SYS_ADMIN in the right userns CVE-2025-38499
• Desktop Window Manager Elevation of Privilege Vulnerability CVE-2025-50153
• Desktop Windows Manager Remote Code Execution Vulnerability CVE-2025-53152
• DirectX Graphics Kernel Elevation of Privilege Vulnerability CVE-2025-53135
• DirectX Graphics Kernel Remote Code Execution Vulnerability CVE-2025-50176
• dmaengine: nbpfaxi: Fix memory corruption in probe() CVE-2025-38538