Msrc Azl3 Kernel 6.6.43.1-7 On Azure Linux 3.0 vulnerabilities

CVE-2024-42285 [HIGH] CWE-416 RDMA/iwcm: Fix a use-after-free related to destroying CM IDs RDMA/iwcm: Fix a use-after-free related to destroying CM IDs FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries wi

CVE-2024-42284 [HIGH] CWE-754 tipc: Return non-zero value from tipc_udp_addr2str() on error tipc: Return non-zero value from tipc_udp_addr2str() on error FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries

CVE-2024-42302 [HIGH] CWE-416 PCI/DPC: Fix use-after-free on concurrent DPC and hot-removal PCI/DPC: Fix use-after-free on concurrent DPC and hot-removal FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries

CVE-2024-42313 [HIGH] CWE-416 media: venus: fix use after free in vdec_close media: venus: fix use after free in vdec_close FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is compo

CVE-2024-42271 [HIGH] CWE-416 net/iucv: fix use after free in iucv_sock_close() net/iucv: fix use after free in iucv_sock_close() FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is

CVE-2024-43858 [HIGH] CWE-129 jfs: Fix array-index-out-of-bounds in diFree jfs: Fix array-index-out-of-bounds in diFree FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed.

CVE-2024-42301 [HIGH] CWE-129 dev/parport: fix the array out-of-bounds risk dev/parport: fix the array out-of-bounds risk FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is compose

CVE-2024-42314 [HIGH] CWE-416 btrfs: fix extent map use-after-free when adding pages to compressed bio btrfs: fix extent map use-after-free when adding pages to compressed bio FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the

CVE-2024-42237 [MEDIUM] CWE-834 firmware: cs_dsp: Validate payload length before processing block firmware: cs_dsp: Validate payload length before processing block FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source

CVE-2024-42248 [MEDIUM] CWE-476 tty: serial: ma35d1: Add a NULL check for of_node tty: serial: ma35d1: Add a NULL check for of_node FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro

CVE-2023-52889 [MEDIUM] CWE-476 apparmor: Fix null pointer deref when receiving skb during sock creation apparmor: Fix null pointer deref when receiving skb during sock creation FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of th

CVE-2024-43859 [MEDIUM] CWE-476 f2fs: fix to truncate preallocated blocks in f2fs_file_open() f2fs: fix to truncate preallocated blocks in f2fs_file_open() FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source librarie

CVE-2024-43854 [MEDIUM] CWE-401 block: initialize integrity buffer to zero before writing it to media block: initialize integrity buffer to zero before writing it to media FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open

CVE-2024-42268 [MEDIUM] CWE-667 net/mlx5: Fix missing lock on sync reset reload net/mlx5: Fix missing lock on sync reset reload FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is c

CVE-2024-42315 [MEDIUM] CWE-667 exfat: fix potential deadlock on __exfat_get_dentry_set exfat: fix potential deadlock on __exfat_get_dentry_set FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which

CVE-2024-42244 [MEDIUM] USB: serial: mos7840: fix crash on resume USB: serial: mos7840: fix crash on resume FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft i

CVE-2024-43855 [MEDIUM] CWE-476 md: fix deadlock between mddev_suspend and flush bio md: fix deadlock between mddev_suspend and flush bio FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the d

CVE-2024-42240 [MEDIUM] CWE-835 x86/bhi: Avoid warning in #DB handler due to BHI mitigation x86/bhi: Avoid warning in #DB handler due to BHI mitigation FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries wi

CVE-2024-43833 [MEDIUM] CWE-476 media: v4l: async: Fix NULL pointer dereference in adding ancillary links media: v4l: async: Fix NULL pointer dereference in adding ancillary links FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of

CVE-2024-43856 [MEDIUM] CWE-770 dma: fix call order in dmam_free_coherent dma: fix call order in dmam_free_coherent FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Mic