Msrc Azure Linux 3.0 Arm vulnerabilities

CVE-2024-41073 [HIGH] CWE-415 nvme: avoid double free special payload nvme: avoid double free special payload FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft

CVE-2024-39496 [HIGH] CWE-416 btrfs: zoned: fix use-after-free due to race with dev replace btrfs: zoned: fix use-after-free due to race with dev replace FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries

CVE-2024-39894 [HIGH] CWE-367 OpenSSH 9.5 through 9.7 before 9.8 sometimes allows timing attacks against echo-off password entry (e.g. for su and Sudo) because of an ObscureKeystrokeTiming logic error. Similarly other timing attac OpenSSH 9.5 through 9.7 before 9.8 sometimes allows timing attacks against echo-off password entry (e.g. for su and Sudo) because of an ObscureKeystrokeTiming logic error. Similarly other timing attacks against keystroke entry could occur. FAQ: Is Azure Linux the only

CVE-2024-39479 [HIGH] CWE-400 drm/i915/hwmon: Get rid of devm drm/i915/hwmon: Get rid of devm FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to

CVE-2024-41070 [HIGH] CWE-416 KVM: PPC: Book3S HV: Prevent UAF in kvm_spapr_tce_attach_iommu_group() KVM: PPC: Book3S HV: Prevent UAF in kvm_spapr_tce_attach_iommu_group() FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open

CVE-2024-39494 [HIGH] CWE-416 ima: Fix use-after-free on a dentry's dname.name ima: Fix use-after-free on a dentry's dname.name FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is c

CVE-2024-39486 [HIGH] CWE-416 drm/drm_file: Fix pid refcounting race drm/drm_file: Fix pid refcounting race FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft i

CVE-2024-39495 [HIGH] CWE-416 greybus: Fix use-after-free bug in gb_interface_release due to race condition. greybus: Fix use-after-free bug in gb_interface_release due to race condition. FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure vers

CVE-2024-41049 [HIGH] CWE-416 filelock: fix potential use-after-free in posix_lock_inode filelock: fix potential use-after-free in posix_lock_inode FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with w

CVE-2024-42228 [HIGH] CWE-908 drm/amdgpu: Using uninitialized value *size when calling amdgpu_vce_cs_reloc drm/amdgpu: Using uninitialized value *size when calling amdgpu_vce_cs_reloc FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions

CVE-2024-40996 [HIGH] bpf: Avoid splat in pskb_pull_reason bpf: Avoid splat in pskb_pull_reason FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed

CVE-2024-40994 [HIGH] CWE-190 ptp: fix integer overflow in max_vclocks_store ptp: fix integer overflow in max_vclocks_store FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is compo

CVE-2024-41057 [HIGH] CWE-416 cachefiles: fix slab-use-after-free in cachefiles_withdraw_cookie() cachefiles: fix slab-use-after-free in cachefiles_withdraw_cookie() FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open sourc

CVE-2024-41671 [HIGH] CWE-444 twisted.web has disordered HTTP pipeline response twisted.web has disordered HTTP pipeline response FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is

CVE-2024-37298 [HIGH] CWE-770 Potential memory exhaustion attack due to sparse slice deserialization Potential memory exhaustion attack due to sparse slice deserialization FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open

CVE-2024-41000 [HIGH] CWE-190 block/ioctl: prefer different overflow check block/ioctl: prefer different overflow check FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed.

CVE-2024-41076 [MEDIUM] CWE-401 NFSv4: Fix memory leak in nfs4_set_security_label NFSv4: Fix memory leak in nfs4_set_security_label FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro

CVE-2024-21135 [MEDIUM] Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.36 and prior and 8.3.0 and prior. Easily exploitable vulnerabil Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.36 and prior and 8.3.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocol

CVE-2024-39483 [MEDIUM] KVM: SVM: WARN on vNMI + NMI window iff NMIs are outright masked KVM: SVM: WARN on vNMI + NMI window iff NMIs are outright masked FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries

CVE-2024-39884 [MEDIUM] Apache HTTP Server: source code disclosure with handlers configured via AddType Apache HTTP Server: source code disclosure with handlers configured via AddType FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions