Msrc Azl3 Grub2 2.06-24 On Azure Linux 3.0 vulnerabilities

CVE-2025-0678 [HIGH] CWE-190 Grub2: squash4: integer overflow may lead to heap based out-of-bounds write when reading data Grub2: squash4: integer overflow may lead to heap based out-of-bounds write when reading data FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the mos

CVE-2024-45782 [HIGH] CWE-787 Grub2: fs/hfs: strcpy() using the volume name (fs/hfs.c:382) Grub2: fs/hfs: strcpy() using the volume name (fs/hfs.c:382) FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries wi

CVE-2025-0686 [MEDIUM] CWE-787 Grub2: romfs: integer overflow when handling symlinks may lead to heap based out-of-bounds write when reading dat Grub2: romfs: integer overflow when handling symlinks may lead to heap based out-of-bounds write when reading dat FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the com

CVE-2024-45780 [MEDIUM] CWE-787 Grub2: fs/tar: integer overflow causes heap oob write Grub2: fs/tar: integer overflow causes heap oob write FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the

CVE-2024-45779 [MEDIUM] CWE-190 Grub2: fs/bfs: integer overflow leads to heap oob read in the bfs parser Grub2: fs/bfs: integer overflow leads to heap oob read in the bfs parser FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of th

CVE-2025-1125 [HIGH] CWE-787 Grub2: fs/hfs: integer overflow may lead to heap based out-of-bounds write Grub2: fs/hfs: integer overflow may lead to heap based out-of-bounds write FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of t

CVE-2025-0685 [MEDIUM] CWE-787 Grub2: jfs: integer overflow when handling symlinks may lead to heap based out-of-bounds write when reading data Grub2: jfs: integer overflow when handling symlinks may lead to heap based out-of-bounds write when reading data FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commi

CVE-2025-0689 [HIGH] CWE-120 Grub2: udf: heap based buffer overflow in grub_udf_read_block() may lead to arbitrary code execution Grub2: udf: heap based buffer overflow in grub_udf_read_block() may lead to arbitrary code execution FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to dat

CVE-2025-0684 [MEDIUM] CWE-787 Grub2: reiserfs: integer overflow when handling symlinks may lead to heap based out-of-bounds write when reading data Grub2: reiserfs: integer overflow when handling symlinks may lead to heap based out-of-bounds write when reading data FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is

CVE-2024-45778 [MEDIUM] CWE-190 Grub2: fs/bfs: integer overflow in the bfs parser. Grub2: fs/bfs: integer overflow in the bfs parser. FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distr

CVE-2025-0624 [HIGH] CWE-787 Grub2: net: out-of-bounds write in grub_net_search_config_file() Grub2: net: out-of-bounds write in grub_net_search_config_file() FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libra

CVE-2024-45777 [MEDIUM] CWE-787 Grub2: grub-core/gettext: integer overflow leads to heap oob write. Grub2: grub-core/gettext: integer overflow leads to heap oob write. FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open sou

CVE-2024-45781 [MEDIUM] CWE-787 Grub2: fs/ufs: oob write in the heap Grub2: fs/ufs: oob write in the heap FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is

CVE-2025-1118 [MEDIUM] CWE-501 Grub2: commands/dump: the dump command is not in lockdown when secure boot is enabled Grub2: commands/dump: the dump command is not in lockdown when secure boot is enabled FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and m

CVE-2024-45774 [MEDIUM] CWE-787 Grub2: reader/jpeg: heap oob write during jpeg parsing Grub2: reader/jpeg: heap oob write during jpeg parsing FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which t

CVE-2025-0690 [MEDIUM] CWE-787 Grub2: read: integer overflow may lead to out-of-bounds write Grub2: read: integer overflow may lead to out-of-bounds write FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries

CVE-2024-45775 [MEDIUM] CWE-252 Grub2: commands/extcmd: missing check for failed allocation Grub2: commands/extcmd: missing check for failed allocation FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries wi

CVE-2024-45776 [MEDIUM] CWE-787 Grub2: grub-core/gettext: integer overflow leads to heap oob write and read. Grub2: grub-core/gettext: integer overflow leads to heap oob write and read. FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versio

CVE-2025-0677 [MEDIUM] CWE-787 Grub2: ufs: integer overflow may lead to heap based out-of-bounds write when handling symlinks Grub2: ufs: integer overflow may lead to heap based out-of-bounds write when handling symlinks FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the

CVE-2024-45783 [MEDIUM] CWE-911 Grub2: fs/hfs+: refcount can be decremented twice Grub2: fs/hfs+: refcount can be decremented twice FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro