Msrc Azl3 Qemu 8.2.0-16 On Azure Linux 3.0 vulnerabilities

CVE-2025-27809 [MEDIUM] CWE-1188 Mbed TLS before 2.28.10 and 3.x before 3.6.3, on the client side, accepts servers that have trusted certificates for arbitrary hostnames unless the TLS client application calls mbedtls_ssl_set_hostnam Mbed TLS before 2.28.10 and 3.x before 3.6.3, on the client side, accepts servers that have trusted certificates for arbitrary hostnames unless the TLS client application calls mbedtls_ssl_set_hostname. FAQ: Is Azure Linux the only Microsoft product that includes t

CVE-2025-27810 [MEDIUM] CWE-908 Mbed TLS before 2.28.10 and 3.x before 3.6.3, in some cases of failed memory allocation or hardware errors, uses uninitialized stack memory to compose the TLS Finished message, potentially leading to Mbed TLS before 2.28.10 and 3.x before 3.6.3, in some cases of failed memory allocation or hardware errors, uses uninitialized stack memory to compose the TLS Finished message, potentially leading to authentication bypasses such as replays. FAQ: Is Azure Linux the o

CVE-2025-2295 [LOW] CWE-190 Potential iSCSI R2T PDU Vulnerability Potential iSCSI R2T PDU Vulnerability FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is co

CVE-2024-57254 [HIGH] CWE-190 An integer overflow in sqfs_inode_size in Das U-Boot before 2025.01-rc1 occurs in the symlink size calculation via a crafted squashfs filesystem. An integer overflow in sqfs_inode_size in Das U-Boot before 2025.01-rc1 occurs in the symlink size calculation via a crafted squashfs filesystem. FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to ou

CVE-2024-57255 [HIGH] CWE-190 An integer overflow in sqfs_resolve_symlink in Das U-Boot before 2025.01-rc1 occurs via a crafted squashfs filesystem with an inode size of 0xffffffff, resulting in a malloc of zero and resultant memo An integer overflow in sqfs_resolve_symlink in Das U-Boot before 2025.01-rc1 occurs via a crafted squashfs filesystem with an inode size of 0xffffffff, resulting in a malloc of zero and resultant memory overwrite. FAQ: Is Azure Linux the only Microsoft product that in

CVE-2024-57259 [HIGH] CWE-193 sqfs_search_dir in Das U-Boot before 2025.01-rc1 exhibits an off-by-one error and resultant heap memory corruption for squashfs directory listing because the path separator is not considered in a size sqfs_search_dir in Das U-Boot before 2025.01-rc1 exhibits an off-by-one error and resultant heap memory corruption for squashfs directory listing because the path separator is not considered in a size calculation. FAQ: Is Azure Linux the only Microsoft product that in

CVE-2024-57256 [HIGH] CWE-190 An integer overflow in ext4fs_read_symlink in Das U-Boot before 2025.01-rc1 occurs for zalloc (adding one to an le32 variable) via a crafted ext4 filesystem with an inode size of 0xffffffff, resulting An integer overflow in ext4fs_read_symlink in Das U-Boot before 2025.01-rc1 occurs for zalloc (adding one to an le32 variable) via a crafted ext4 filesystem with an inode size of 0xffffffff, resulting in a malloc of zero and resultant memory overwrite. FAQ: Is Azure L

CVE-2024-57258 [HIGH] CWE-190 Integer overflows in memory allocation in Das U-Boot before 2025.01-rc1 occur for a crafted squashfs filesystem via sbrk, via request2size, or because ptrdiff_t is mishandled on x86_64. Integer overflows in memory allocation in Das U-Boot before 2025.01-rc1 occur for a crafted squashfs filesystem via sbrk, via request2size, or because ptrdiff_t is mishandled on x86_64. FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is ther

CVE-2024-57257 [LOW] CWE-674 A stack consumption issue in sqfs_size in Das U-Boot before 2025.01-rc1 occurs via a crafted squashfs filesystem with deep symlink nesting. A stack consumption issue in sqfs_size in Das U-Boot before 2025.01-rc1 occurs via a crafted squashfs filesystem with deep symlink nesting. FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers w

CVE-2024-7730 [HIGH] CWE-122 Qemu-kvm: virtio-snd: heap buffer overflow in virtio_snd_pcm_in_cb() Qemu-kvm: virtio-snd: heap buffer overflow in virtio_snd_pcm_in_cb() FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open sour

CVE-2024-4741 [HIGH] CWE-416 Use After Free with SSL_free_buffers Use After Free with SSL_free_buffers FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is com

CVE-2024-3447 [MEDIUM] CWE-122 Qemu: sdhci: heap buffer overflow in sdhci_write_dataport() Qemu: sdhci: heap buffer overflow in sdhci_write_dataport() FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries wit

CVE-2024-9143 [MEDIUM] CWE-787 Low-level invalid GF(2^m) parameters lead to OOB memory access Low-level invalid GF(2^m) parameters lead to OOB memory access FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source librari

CVE-2024-6119 [HIGH] CWE-843 Possible denial of service in X.509 name checks Possible denial of service in X.509 name checks FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is comp

CVE-2024-38796 [MEDIUM] CWE-122 Integer overflow in PeCoffLoaderRelocateImage Integer overflow in PeCoffLoaderRelocateImage FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is compo

CVE-2024-42040 [HIGH] CWE-120 Buffer Overflow vulnerability in the net/bootp.c in DENEX U-Boot from its initial commit in 2002 (3861aa5) up to today on any platform allows an attacker on the local network to leak memory from four Buffer Overflow vulnerability in the net/bootp.c in DENEX U-Boot from its initial commit in 2002 (3861aa5) up to today on any platform allows an attacker on the local network to leak memory from four up to 32 bytes of memory stored behind the packet to the network depe

CVE-2024-4467 [HIGH] CWE-400 Qemu-kvm: 'qemu-img info' leads to host file read/write Qemu-kvm: 'qemu-img info' leads to host file read/write FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which th

CVE-2024-6505 [MEDIUM] CWE-125 Qemu-kvm: virtio-net: queue index out-of-bounds access in software rss Qemu-kvm: virtio-net: queue index out-of-bounds access in software rss FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the ope

CVE-2024-4693 [MEDIUM] CWE-672 Qemu-kvm: virtio-pci: improper release of configure vector leads to guest triggerable crash Qemu-kvm: virtio-pci: improper release of configure vector leads to guest triggerable crash FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most

CVE-2024-1298 [MEDIUM] CWE-369 Integer Overflow caused by divide by zero during S3 suspension Integer Overflow caused by divide by zero during S3 suspension FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source librari