Msrc Azure Linux 3.0 Arm vulnerabilities

CVE-2024-42314 [HIGH] CWE-416 btrfs: fix extent map use-after-free when adding pages to compressed bio btrfs: fix extent map use-after-free when adding pages to compressed bio FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the

CVE-2022-3775 [HIGH] CWE-122 Redhat: CVE-2022-3775 grub2 - Heap based out-of-bounds write when rendering certain Unicode sequences Redhat: CVE-2022-3775 grub2 - Heap based out-of-bounds write when rendering certain Unicode sequences NIST NVD Details: https://nvd.nist.gov/vuln/detail/CVE-2022-3775 FAQ: Windows 11, version 24H2 is not generally available yet. Why are there updates for this version of Windows listed in the Security Updates table? The new Copilot+ devices that are now publicly ava

CVE-2024-8088 [HIGH] CWE-835 Infinite loop when iterating over zip archive entry names from zipfile.Path Infinite loop when iterating over zip archive entry names from zipfile.Path FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of

CVE-2024-42237 [MEDIUM] CWE-834 firmware: cs_dsp: Validate payload length before processing block firmware: cs_dsp: Validate payload length before processing block FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source

CVE-2023-52889 [MEDIUM] CWE-476 apparmor: Fix null pointer deref when receiving skb during sock creation apparmor: Fix null pointer deref when receiving skb during sock creation FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of th

CVE-2024-43859 [MEDIUM] CWE-476 f2fs: fix to truncate preallocated blocks in f2fs_file_open() f2fs: fix to truncate preallocated blocks in f2fs_file_open() FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source librarie

CVE-2024-43854 [MEDIUM] CWE-401 block: initialize integrity buffer to zero before writing it to media block: initialize integrity buffer to zero before writing it to media FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open

CVE-2024-42268 [MEDIUM] CWE-667 net/mlx5: Fix missing lock on sync reset reload net/mlx5: Fix missing lock on sync reset reload FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is c

CVE-2024-42315 [MEDIUM] CWE-667 exfat: fix potential deadlock on __exfat_get_dentry_set exfat: fix potential deadlock on __exfat_get_dentry_set FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which

CVE-2024-7347 [MEDIUM] CWE-125 NGINX MP4 module vulnerability NGINX MP4 module vulnerability FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to

CVE-2024-43855 [MEDIUM] CWE-476 md: fix deadlock between mddev_suspend and flush bio md: fix deadlock between mddev_suspend and flush bio FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the d

CVE-2024-42353 [MEDIUM] CWE-601 WebOb's location header normalization during redirect leads to open redirect WebOb's location header normalization during redirect leads to open redirect FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versio

CVE-2024-42240 [MEDIUM] CWE-835 x86/bhi: Avoid warning in #DB handler due to BHI mitigation x86/bhi: Avoid warning in #DB handler due to BHI mitigation FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries wi

CVE-2024-43833 [MEDIUM] CWE-476 media: v4l: async: Fix NULL pointer dereference in adding ancillary links media: v4l: async: Fix NULL pointer dereference in adding ancillary links FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of

CVE-2024-43884 [MEDIUM] CWE-476 Bluetooth: MGMT: Add error handling to pair_device() Bluetooth: MGMT: Add error handling to pair_device() FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the d

CVE-2024-1543 [MEDIUM] CWE-208 AES T-Table sub-cache-line leakage AES T-Table sub-cache-line leakage FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is commi

CVE-2024-43856 [MEDIUM] CWE-770 dma: fix call order in dmam_free_coherent dma: fix call order in dmam_free_coherent FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Mic

CVE-2024-42283 [MEDIUM] CWE-908 net: nexthop: Initialize all fields in dumped nexthops net: nexthop: Initialize all fields in dumped nexthops FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which t

CVE-2024-1545 [MEDIUM] CWE-1256 Fault Injection of RSA encryption in WolfCrypt Fault Injection of RSA encryption in WolfCrypt FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is com

CVE-2023-49582 [MEDIUM] CWE-732 Apache Portable Runtime (APR): Unexpected lax shared memory permissions Apache Portable Runtime (APR): Unexpected lax shared memory permissions FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the