An attacker with network access to an Azure Linux 3.0 host running the batman-adv module could exploit this vulnerability remotely, without credentials, to corrupt kernel memory — potentially crashing the system or gaining unauthorized control. Affected workloads on Azure Linux 3.0 face risk of unplanned downtime, data loss, or full system compromise depending on what the affected host processes. Organizations in regulated industries running Azure Linux 3.0 for workloads handling sensitive data should treat unpatched exposure as an open risk until the April 2026 patch is confirmed deployed.
You Are Affected If
You run Microsoft Azure Linux 3.0 (azl3) with kernel version 6.6.130.1-3 or earlier in production
The batman-adv kernel module is loaded on affected hosts (confirm via 'lsmod | grep batman_adv')
Affected hosts are reachable from untrusted networks or the internet without Layer 2 isolation
The Microsoft April 2026 Patch Tuesday kernel update has not yet been applied to your Azure Linux 3.0 fleet
Kernel module blacklisting for batman-adv is not enforced as part of your hardening baseline
Board Talking Points
A critical, remotely exploitable vulnerability in Azure Linux 3.0 kernel infrastructure requires immediate patching — no attacker credentials or user interaction are needed to trigger it.
Security teams should apply Microsoft's April 2026 patch to all Azure Linux 3.0 systems within 72 hours and verify completion before end of week.
Unpatched systems remain exposed to potential service disruption or unauthorized access, with no mitigating factor currently listed by CISA.
