Msrc Azure Linux 3.0 Arm vulnerabilities

CVE-2024-44946 [MEDIUM] CWE-416 kcm: Serialise kcm_sendmsg() for the same socket. kcm: Serialise kcm_sendmsg() for the same socket. FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro

CVE-2024-41965 [MEDIUM] CWE-415 Vim < v9.1.0648 has a double-free in dialog_changed() Vim Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transpare

CVE-2024-43802 [MEDIUM] CWE-122 heap-buffer-overflow in ins_typebuf() in Vim < 9.1.0697 heap-buffer-overflow in ins_typebuf() in Vim Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is co

CVE-2024-42310 [MEDIUM] CWE-476 drm/gma500: fix null pointer dereference in cdv_intel_lvds_get_modes drm/gma500: fix null pointer dereference in cdv_intel_lvds_get_modes FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open s

CVE-2024-43374 [MEDIUM] CWE-416 Vim heap-use-after-free in src/arglist.c:207 Vim heap-use-after-free in src/arglist.c:207 FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is compose

CVE-2024-6923 [MEDIUM] CWE-94 Email header injection due to unquoted newlines Email header injection due to unquoted newlines FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is com

CVE-2024-43167 [LOW] CWE-476 Unbound: null pointer dereference in unbound Unbound: null pointer dereference in unbound FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed.

CVE-2024-41110 [CRITICAL] CWE-187 Moby authz zero length regression Moby authz zero length regression FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is comm

CVE-2024-41184 [CRITICAL] CWE-190 In the vrrp_ipsets_handler handler (fglobal_parser.c) of keepalived through 2.3.1 an integer overflow can occur. NOTE: this CVE Record might not be worthwhile because an empty ipset name must be confi In the vrrp_ipsets_handler handler (fglobal_parser.c) of keepalived through 2.3.1 an integer overflow can occur. NOTE: this CVE Record might not be worthwhile because an empty ipset name must be configured by the user. FAQ: Is Azure Linux the only Microsoft produc

CVE-2024-3651 [HIGH] CWE-400 Denial of Service via Quadratic Complexity in kjd/idna Denial of Service via Quadratic Complexity in kjd/idna FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the

CVE-2024-41058 [HIGH] CWE-416 cachefiles: fix slab-use-after-free in fscache_withdraw_volume() cachefiles: fix slab-use-after-free in fscache_withdraw_volume() FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libr

CVE-2024-39487 [HIGH] CWE-125 bonding: Fix out-of-bounds read in bond_option_arp_ip_targets_set() bonding: Fix out-of-bounds read in bond_option_arp_ip_targets_set() FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open sourc

CVE-2024-42093 [HIGH] CWE-787 net/dpaa2: Avoid explicit cpumask var allocation on stack net/dpaa2: Avoid explicit cpumask var allocation on stack FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with whi

CVE-2024-39480 [HIGH] CWE-120 kdb: Fix buffer overflow during tab-complete kdb: Fix buffer overflow during tab-complete FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed.

CVE-2024-41046 [HIGH] CWE-415 net: ethernet: lantiq_etop: fix double free in detach net: ethernet: lantiq_etop: fix double free in detach FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the d

CVE-2024-6345 [HIGH] CWE-94 Remote Code Execution in pypa/setuptools Remote Code Execution in pypa/setuptools FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft

CVE-2023-0464 [HIGH] OpenSSL: CVE-2023-0464 Excessive Resource Usage Verifying X.509 Policy Constraints OpenSSL: CVE-2023-0464 Excessive Resource Usage Verifying X.509 Policy Constraints NIST NVD Details: https://nvd.nist.gov/vuln/detail/CVE-2023-0464 Mariner: Mariner OpenSSL Software Foundation: OpenSSL Software Foundation Customer Action Required: Yes Remediation: edk2 Reference: https://nvd.nist.gov/vuln/detail/CVE-2023-0464 Remediation: hvloader Remediation: nodejs18 Remediation: op

CVE-2024-6655 [HIGH] CWE-94 Gtk3: gtk2: library injection from cwd Gtk3: gtk2: library injection from cwd FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is

CVE-2024-38473 [HIGH] CWE-116 Apache HTTP Server proxy encoding problem Apache HTTP Server proxy encoding problem FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Micro

CVE-2024-40902 [HIGH] CWE-120 jfs: xattr: fix buffer overflow for invalid xattr jfs: xattr: fix buffer overflow for invalid xattr FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is