Msrc Azl3 Kernel 6.6.35.1-4 On Azure Linux 3.0 vulnerabilities

CVE-2024-38667 [HIGH] CWE-787 riscv: prevent pt_regs corruption for secondary idle threads riscv: prevent pt_regs corruption for secondary idle threads FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries wi

CVE-2024-36477 [HIGH] CWE-125 tpm_tis_spi: Account for SPI header when allocating TPM SPI xfer buffer tpm_tis_spi: Account for SPI header when allocating TPM SPI xfer buffer FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the op

CVE-2024-38664 [HIGH] CWE-667 drm: zynqmp_dpsub: Always register bridge drm: zynqmp_dpsub: Always register bridge FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Micro

CVE-2024-36971 [HIGH] CWE-416 net: fix __dst_negative_advice() race net: fix __dst_negative_advice() race FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is

CVE-2024-39291 [HIGH] CWE-120 drm/amdgpu: Fix buffer size in gfx_v9_4_3_init_ cp_compute_microcode() and rlc_microcode() drm/amdgpu: Fix buffer size in gfx_v9_4_3_init_ cp_compute_microcode() and rlc_microcode() FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most rec

CVE-2024-39277 [HIGH] CWE-125 dma-mapping: benchmark: handle NUMA_NO_NODE correctly dma-mapping: benchmark: handle NUMA_NO_NODE correctly FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the d

CVE-2024-38780 [MEDIUM] CWE-667 dma-buf/sw-sync: don't enable IRQ from sync_print_obj() dma-buf/sw-sync: don't enable IRQ from sync_print_obj() FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which

CVE-2024-38662 [MEDIUM] bpf: Allow delete from sockmap/sockhash only if update is allowed bpf: Allow delete from sockmap/sockhash only if update is allowed FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source librarie

CVE-2024-39292 [MEDIUM] CWE-415 um: Add winch to winch_handlers before registering winch IRQ um: Add winch to winch_handlers before registering winch IRQ FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries

CVE-2024-36481 [MEDIUM] CWE-754 tracing/probes: fix error check in parse_btf_field() tracing/probes: fix error check in parse_btf_field() FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the d

CVE-2024-27022 [HIGH] CWE-908 fork: defer linking file vma until vma is fully initialized fork: defer linking file vma until vma is fully initialized FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with

CVE-2024-26952 [HIGH] CWE-120 ksmbd: fix potencial out-of-bounds when buffer offset is invalid ksmbd: fix potencial out-of-bounds when buffer offset is invalid FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libr

CVE-2024-36891 [MEDIUM] CWE-476 maple_tree: fix mas_empty_area_rev() null pointer dereference maple_tree: fix mas_empty_area_rev() null pointer dereference FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source librarie

CVE-2024-36926 [MEDIUM] CWE-476 powerpc/pseries/iommu: LPAR panics during boot up with a frozen PE powerpc/pseries/iommu: LPAR panics during boot up with a frozen PE FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open sourc

CVE-2024-36938 [MEDIUM] CWE-476 bpf skmsg: Fix NULL pointer dereference in sk_psock_skb_ingress_enqueue bpf skmsg: Fix NULL pointer dereference in sk_psock_skb_ingress_enqueue FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the

CVE-2024-36897 [MEDIUM] CWE-476 drm/amd/display: Atom Integrated System Info v2_2 for DCN35 drm/amd/display: Atom Integrated System Info v2_2 for DCN35 FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries wi

CVE-2024-36930 [MEDIUM] CWE-476 spi: fix null pointer dereference within spi_sync spi: fix null pointer dereference within spi_sync FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro

CVE-2024-26949 [MEDIUM] CWE-476 drm/amdgpu/pm: Fix NULL pointer dereference when get power limit drm/amdgpu/pm: Fix NULL pointer dereference when get power limit FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source li

CVE-2024-35992 [MEDIUM] CWE-125 phy: marvell: a3700-comphy: Fix out of bounds read phy: marvell: a3700-comphy: Fix out of bounds read FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distr

CVE-2024-35997 [MEDIUM] CWE-667 HID: i2c-hid: remove I2C_HID_READ_PENDING flag to prevent lock-up HID: i2c-hid: remove I2C_HID_READ_PENDING flag to prevent lock-up FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source