{"id":"AZL-70067","summary":"CVE-2025-40198 affecting package kernel for versions less than 6.6.117.1-1","details":"In the Linux kernel, the following vulnerability has been resolved:\n\next4: avoid potential buffer over-read in parse_apply_sb_mount_options()\n\nUnlike other strings in the ext4 superblock, we rely on tune2fs to\nmake sure s_mount_opts is NUL terminated.  Harden\nparse_apply_sb_mount_options() by treating s_mount_opts as a potential\n__nonstring.","modified":"2026-04-01T05:21:54.446296Z","published":"2025-11-12T22:15:46Z","upstream":["CVE-2025-40198"],"references":[{"type":"WEB","url":"https://nvd.nist.gov/vuln/detail/CVE-2025-40198"}],"affected":[{"package":{"name":"kernel","ecosystem":"Azure Linux:3","purl":"pkg:rpm/azure-linux/kernel"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"6.6.117.1-1"}]}],"database_specific":{"source":"https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-70067.json"}}],"schema_version":"1.7.5"}