Msrc Azl3 Qemu 8.2.0-1 On Azure Linux 3.0 vulnerabilities

CVE-2023-2861 [MEDIUM] CWE-284 Qemu: 9pfs: improper access control on special files Qemu: 9pfs: improper access control on special files FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the di

CVE-2023-3301 [MEDIUM] CWE-362 Triggerable assertion due to race condition in hot-unplug Triggerable assertion due to race condition in hot-unplug FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with wh

CVE-2023-42467 [MEDIUM] CWE-369 QEMU through 8.0.0 could trigger a division by zero in scsi_disk_reset in hw/scsi/scsi-disk.c because scsi_disk_emulate_mode_select does not prevent s->qdev.blocksize from being 256. This stops QEMU a QEMU through 8.0.0 could trigger a division by zero in scsi_disk_reset in hw/scsi/scsi-disk.c because scsi_disk_emulate_mode_select does not prevent s->qdev.blocksize from being 256. This stops QEMU and the guest immediately. FAQ: Is Azure Linux the only Microsoft p

CVE-2023-3255 [MEDIUM] CWE-835 Qemu: vnc: infinite loop in inflate_buffer() leads to denial of service Qemu: vnc: infinite loop in inflate_buffer() leads to denial of service FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the o

CVE-2023-3180 [MEDIUM] CWE-787 Heap buffer overflow in virtio_crypto_sym_op_helper() Heap buffer overflow in virtio_crypto_sym_op_helper() FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the

CVE-2023-3354 [HIGH] CWE-476 Improper i/o watch removal in tls handshake can lead to remote unauthenticated denial of service Improper i/o watch removal in tls handshake can lead to remote unauthenticated denial of service FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with t

CVE-2023-1544 [MEDIUM] CWE-770 Qemu: pvrdma: out-of-bounds read in pvrdma_ring_next_elem_read() Qemu: pvrdma: out-of-bounds read in pvrdma_ring_next_elem_read() FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source lib

CVE-2021-3611 [MEDIUM] CWE-119 A stack overflow vulnerability was found in the Intel HD Audio device (intel-hda) of QEMU. A malicious guest could use this flaw to crash the QEMU process on the host resulting in a denial of service A stack overflow vulnerability was found in the Intel HD Audio device (intel-hda) of QEMU. A malicious guest could use this flaw to crash the QEMU process on the host resulting in a denial of service condition. The highest threat from this vulnerability is to system a