{"id":"AZL-39908","summary":"CVE-2019-25160 affecting package hyperv-daemons for versions less than 6.6.35.1-1","details":"In the Linux kernel, the following vulnerability has been resolved:\n\nnetlabel: fix out-of-bounds memory accesses\n\nThere are two array out-of-bounds memory accesses, one in\ncipso_v4_map_lvl_valid(), the other in netlbl_bitmap_walk().  Both\nerrors are embarassingly simple, and the fixes are straightforward.\n\nAs a FYI for anyone backporting this patch to kernels prior to v4.8,\nyou'll want to apply the netlbl_bitmap_walk() patch to\ncipso_v4_bitmap_walk() as netlbl_bitmap_walk() doesn't exist before\nLinux v4.8.","modified":"2026-04-01T05:13:54.268340Z","published":"2024-02-26T18:15:06Z","upstream":["CVE-2019-25160"],"references":[{"type":"WEB","url":"https://nvd.nist.gov/vuln/detail/CVE-2019-25160"}],"affected":[{"package":{"name":"hyperv-daemons","ecosystem":"Azure Linux:3","purl":"pkg:rpm/azure-linux/hyperv-daemons"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"6.6.35.1-1"}]}],"database_specific":{"source":"https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-39908.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H"}]}