A successful exploit of this vulnerability on an unpatched Azure Linux 3.0 host could give an attacker full control of the underlying server, potentially compromising any workloads, data, or credentials hosted on that system. For organizations running Azure Linux 3.0 in multi-tenant or production environments, this represents a meaningful risk of unauthorized data access or operational disruption. The patch is available and applying it is the lowest-cost way to close the exposure.
You Are Affected If
You run Azure Linux 3.0 with the azl3 kernel package version 6.6.130.1-3
The batman-adv kernel module is loaded or set to auto-load on affected hosts (check: lsmod | grep batman_adv)
Affected systems are network-accessible, particularly in multi-tenant or internet-facing configurations
The April 2026 Patch Tuesday kernel update has not yet been applied and systems have not been rebooted to the patched kernel
You have not disabled or blacklisted the batman-adv module as a compensating control
Board Talking Points
A critical flaw in a core component of our Azure Linux 3.0 servers could allow an attacker to take full control of affected systems without requiring any credentials.
Microsoft released a patch in April 2026; IT teams should apply it to all affected servers within 24-48 hours and confirm completion.
If left unpatched, any internet-accessible Azure Linux 3.0 system running this kernel version remains an open door to full server compromise.
