Msrc Azl3 Qemu 8.2.0-25 On Azure Linux 3.0 vulnerabilities

5 known vulnerabilities affecting msrc/azl3_qemu_8.2.0-25_on_azure_linux_3.0.

Total CVEs
5
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
HIGH2MEDIUM2LOW1

Vulnerabilities

Page 1 of 1
CVE-2025-2296HIGHCVSS 8.22025-12-09
CVE-2025-2296 [HIGH] CWE-20 Un-verified kernel bypass Secure Boot mechanism in direct boot mode Un-verified kernel bypass Secure Boot mechanism in direct boot mode Mariner: Mariner TianoCore: TianoCore Customer Action Required: Yes Remediation: CBL-Mariner Releases Reference: https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
msrc
CVE-2025-2486HIGHCVSS 8.82025-11-11
CVE-2025-2486 [LOW] CWE-489 UEFI Shell accessible in AAVMF with Secure Boot enabled on Ubuntu UEFI Shell accessible in AAVMF with Secure Boot enabled on Ubuntu Mariner: Mariner canonical: canonical Customer Action Required: Yes
msrc
CVE-2025-12464MEDIUMCVSS 6.22025-10-14
CVE-2025-12464 [MEDIUM] CWE-121 Qemu-kvm: stack buffer overflow in e1000 device via short frames in loopback mode Qemu-kvm: stack buffer overflow in e1000 device via short frames in loopback mode FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most sec
msrc
CVE-2024-8354MEDIUMCVSS 5.52024-09-10
CVE-2024-8354 [MEDIUM] CWE-617 Qemu-kvm: usb: assertion failure in usb_ep_get() Qemu-kvm: usb: assertion failure in usb_ep_get() FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is
msrc
CVE-2024-8612LOWCVSS 3.82024-09-10
CVE-2024-8612 [LOW] CWE-200 Qemu-kvm: information leak in virtio devices Qemu-kvm: information leak in virtio devices FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. M
msrc