{"id":"AZL-65714","summary":"CVE-2025-38456 affecting package kernel for versions less than 6.6.104.2-1","details":"In the Linux kernel, the following vulnerability has been resolved:\n\nipmi:msghandler: Fix potential memory corruption in ipmi_create_user()\n\nThe \"intf\" list iterator is an invalid pointer if the correct\n\"intf-\u003eintf_num\" is not found.  Calling atomic_dec(&intf-\u003enr_users) on\nand invalid pointer will lead to memory corruption.\n\nWe don't really need to call atomic_dec() if we haven't called\natomic_add_return() so update the if (intf-\u003ein_shutdown) path as well.","modified":"2026-04-01T05:20:37.595795Z","published":"2025-07-25T16:15:31Z","upstream":["CVE-2025-38456"],"references":[{"type":"WEB","url":"https://nvd.nist.gov/vuln/detail/CVE-2025-38456"}],"affected":[{"package":{"name":"kernel","ecosystem":"Azure Linux:3","purl":"pkg:rpm/azure-linux/kernel"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"6.6.104.2-1"}]}],"database_specific":{"source":"https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-65714.json"}}],"schema_version":"1.7.5"}