{"id":"AZL-72983","summary":"CVE-2025-68338 affecting package kernel 6.6.126.1-1","details":"In the Linux kernel, the following vulnerability has been resolved:\n\nnet: dsa: microchip: Don't free uninitialized ksz_irq\n\nIf something goes wrong at setup, ksz_irq_free() can be called on\nuninitialized ksz_irq (for example when ksz_ptp_irq_setup() fails). It\nleads to freeing uninitialized IRQ numbers and/or domains.\n\nUse dsa_switch_for_each_user_port_continue_reverse() in the error path\nto iterate only over the fully initialized ports.","modified":"2026-04-01T05:22:14.465578Z","published":"2025-12-23T14:16:40Z","upstream":["CVE-2025-68338"],"references":[{"type":"WEB","url":"https://nvd.nist.gov/vuln/detail/CVE-2025-68338"}],"affected":[{"package":{"name":"kernel","ecosystem":"Azure Linux:3","purl":"pkg:rpm/azure-linux/kernel"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"last_affected":"6.6.126.1-1"}]}],"database_specific":{"source":"https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-72983.json"}}],"schema_version":"1.7.5"}