A successful attack against this vulnerability could allow an unauthorized party to take full control of an Azure Linux 3.0 server or force it offline, with no login credentials required. Systems hosting file shares, data pipelines, or cloud workloads over SMB Direct are directly exposed, creating risk of data theft, workload disruption, or lateral movement into connected infrastructure. Downtime to critical storage or compute infrastructure carries direct revenue and operational consequences, and any unauthorized access to data hosted on affected systems may trigger breach notification obligations depending on data classification.
You Are Affected If
You run Azure Linux 3.0 with the azl3 kernel package version 6.6.130.1-3 in production
SMB Direct (RDMA-based SMB transport) is enabled on affected hosts
Affected hosts are reachable from untrusted networks or multi-tenant environments without RDMA traffic filtering
You have not applied the Microsoft Patch Tuesday April 2026 kernel update for Azure Linux 3.0
RDMA-capable network adapters are present and SMB Direct is not explicitly disabled via modprobe configuration
Board Talking Points
A critical flaw in the Linux kernel used by our Azure Linux 3.0 systems could allow an attacker to take control of or crash affected servers without any login credentials.
IT and security teams should apply the April 2026 Microsoft patch to all affected Azure Linux 3.0 hosts within 24-48 hours, prioritizing internet-facing and data-bearing systems.
Without patching, affected systems remain exposed to remote takeover or disruption, with potential downstream impact to operations and data security obligations.
