Msrc Azl3 Kernel 6.6.35.1-5 On Azure Linux 3.0 vulnerabilities

CVE-2024-42237 [MEDIUM] CWE-834 firmware: cs_dsp: Validate payload length before processing block firmware: cs_dsp: Validate payload length before processing block FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source

CVE-2024-42248 [MEDIUM] CWE-476 tty: serial: ma35d1: Add a NULL check for of_node tty: serial: ma35d1: Add a NULL check for of_node FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro

CVE-2024-42244 [MEDIUM] USB: serial: mos7840: fix crash on resume USB: serial: mos7840: fix crash on resume FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft i

CVE-2024-42240 [MEDIUM] CWE-835 x86/bhi: Avoid warning in #DB handler due to BHI mitigation x86/bhi: Avoid warning in #DB handler due to BHI mitigation FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries wi

CVE-2024-42241 [MEDIUM] CWE-770 mm/shmem: disable PMD-sized page cache if needed mm/shmem: disable PMD-sized page cache if needed FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is

CVE-2024-42243 [MEDIUM] mm/filemap: make MAX_PAGECACHE_ORDER acceptable to xarray mm/filemap: make MAX_PAGECACHE_ORDER acceptable to xarray FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the

CVE-2024-42235 [MEDIUM] CWE-476 s390/mm: Add NULL pointer check to crst_table_free() base_crst_free() s390/mm: Add NULL pointer check to crst_table_free() base_crst_free() FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open

CVE-2024-42239 [MEDIUM] CWE-667 bpf: Fail bpf_timer_cancel when callback is being cancelled bpf: Fail bpf_timer_cancel when callback is being cancelled FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries wi

CVE-2024-42247 [MEDIUM] CWE-770 wireguard: allowedips: avoid unaligned 64-bit memory accesses wireguard: allowedips: avoid unaligned 64-bit memory accesses FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source librarie

CVE-2024-42238 [MEDIUM] CWE-120 firmware: cs_dsp: Return error if block header overflows file firmware: cs_dsp: Return error if block header overflows file FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source librarie

CVE-2024-42236 [MEDIUM] CWE-787 usb: gadget: configfs: Prevent OOB read/write in usb_string_copy() usb: gadget: configfs: Prevent OOB read/write in usb_string_copy() FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open sourc

CVE-2024-42246 [MEDIUM] CWE-835 net sunrpc: Remap EPERM in case of connection failure in xs_tcp_setup_socket net sunrpc: Remap EPERM in case of connection failure in xs_tcp_setup_socket FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versio

CVE-2024-42232 [MEDIUM] CWE-416 libceph: fix race between delayed_work() and ceph_monc_stop() libceph: fix race between delayed_work() and ceph_monc_stop() FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source librarie

CVE-2024-42245 [MEDIUM] CWE-667 Revert "sched/fair: Make sure to try to detach at least one movable task" Revert "sched/fair: Make sure to try to detach at least one movable task" FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of

CVE-2024-41058 [HIGH] CWE-416 cachefiles: fix slab-use-after-free in fscache_withdraw_volume() cachefiles: fix slab-use-after-free in fscache_withdraw_volume() FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libr

CVE-2024-39487 [HIGH] CWE-125 bonding: Fix out-of-bounds read in bond_option_arp_ip_targets_set() bonding: Fix out-of-bounds read in bond_option_arp_ip_targets_set() FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open sourc

CVE-2024-42093 [HIGH] CWE-787 net/dpaa2: Avoid explicit cpumask var allocation on stack net/dpaa2: Avoid explicit cpumask var allocation on stack FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with whi

CVE-2024-39480 [HIGH] CWE-120 kdb: Fix buffer overflow during tab-complete kdb: Fix buffer overflow during tab-complete FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed.

CVE-2024-41087 [HIGH] CWE-415 ata: libata-core: Fix double free on error ata: libata-core: Fix double free on error FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Mic

CVE-2024-41046 [HIGH] CWE-415 net: ethernet: lantiq_etop: fix double free in detach net: ethernet: lantiq_etop: fix double free in detach FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the d