{"id":"AZL-66365","summary":"CVE-2025-38510 affecting package kernel for versions less than 6.6.104.2-1","details":"In the Linux kernel, the following vulnerability has been resolved:\n\nkasan: remove kasan_find_vm_area() to prevent possible deadlock\n\nfind_vm_area() couldn't be called in atomic_context.  If find_vm_area() is\ncalled to reports vm area information, kasan can trigger deadlock like:\n\nCPU0                                CPU1\nvmalloc();\n alloc_vmap_area();\n  spin_lock(&vn-\u003ebusy.lock)\n                                    spin_lock_bh(&some_lock);\n   \u003cinterrupt occurs\u003e\n   \u003cin softirq\u003e\n   spin_lock(&some_lock);\n                                    \u003caccess invalid address\u003e\n                                    kasan_report();\n                                     print_report();\n                                      print_address_description();\n                                       kasan_find_vm_area();\n                                        find_vm_area();\n                                         spin_lock(&vn-\u003ebusy.lock) // deadlock!\n\nTo prevent possible deadlock while kasan reports, remove kasan_find_vm_area().","modified":"2026-04-01T05:20:57.323574Z","published":"2025-08-16T11:15:44Z","upstream":["CVE-2025-38510"],"references":[{"type":"WEB","url":"https://nvd.nist.gov/vuln/detail/CVE-2025-38510"}],"affected":[{"package":{"name":"kernel","ecosystem":"Azure Linux:3","purl":"pkg:rpm/azure-linux/kernel"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"6.6.104.2-1"}]}],"database_specific":{"source":"https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-66365.json"}}],"schema_version":"1.7.5"}