Msrc Azure Linux 3.0 Arm vulnerabilities

CVE-2024-5742 [MEDIUM] CWE-59 Nano: running `chmod` and `chown` on the filename allows malicious user to replace the emergency file with a malicious symlink to a root-owned file Nano: running `chmod` and `chown` on the filename allows malicious user to replace the emergency file with a malicious symlink to a root-owned file FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits t

CVE-2024-36481 [MEDIUM] CWE-754 tracing/probes: fix error check in parse_btf_field() tracing/probes: fix error check in parse_btf_field() FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the d

CVE-2024-36967 [MEDIUM] CWE-401 KEYS: trusted: Fix memory leak in tpm2_key_encode() KEYS: trusted: Fix memory leak in tpm2_key_encode() FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the dis

CVE-2024-36969 [MEDIUM] CWE-369 drm/amd/display: Fix division by zero in setup_dsc_config drm/amd/display: Fix division by zero in setup_dsc_config FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with w

CVE-2023-52071 CVE-2023-52071: NIST NVD Details: https://nvd NIST NVD Details: https://nvd.nist.gov/vuln/detail/CVE-2023-52071 Mariner: Mariner [email protected]: [email protected] Customer Action Required: Yes Remediation: tensorflow Reference: https://nvd.nist.gov/vuln/detail/CVE-2023-52071

CVE-2024-4323 [CRITICAL] CWE-122 Fluent Bit Memory Corruption Vulnerability Fluent Bit Memory Corruption Vulnerability FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed.

CVE-2024-29164 [CRITICAL] CWE-121 HDF5 through 1.14.3 contains a stack buffer overflow in H5R__decode_heap resulting in the corruption of the instruction pointer and causing denial of service or potential code execution. HDF5 through 1.14.3 contains a stack buffer overflow in H5R__decode_heap resulting in the corruption of the instruction pointer and causing denial of service or potential code execution. FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and i

CVE-2024-27053 [CRITICAL] CWE-476 wifi: wilc1000: fix RCU usage in connect path wifi: wilc1000: fix RCU usage in connect path FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is com

CVE-2024-33874 [CRITICAL] CWE-120 HDF5 Library through 1.14.3 has a heap buffer overflow in H5O__mtime_new_encode in H5Omtime.c. HDF5 Library through 1.14.3 has a heap buffer overflow in H5O__mtime_new_encode in H5Omtime.c. FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with

CVE-2024-32615 [CRITICAL] CWE-787 HDF5 Library through 1.14.3 contains a heap-based buffer overflow in H5Z__nbit_decompress_one_byte in H5Znbit.c caused by the earlier use of an initialized pointer. HDF5 Library through 1.14.3 contains a heap-based buffer overflow in H5Z__nbit_decompress_one_byte in H5Znbit.c caused by the earlier use of an initialized pointer. FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vul

CVE-2024-32613 [HIGH] CWE-122 HDF5 Library through 1.14.3 contains a heap-based buffer over-read in the function H5HL__fl_deserialize in H5HLcache.c a different vulnerability than CVE-2024-32612. HDF5 Library through 1.14.3 contains a heap-based buffer over-read in the function H5HL__fl_deserialize in H5HLcache.c a different vulnerability than CVE-2024-32612. FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulne

CVE-2024-27395 [HIGH] CWE-416 net: openvswitch: Fix Use-After-Free in ovs_ct_exit net: openvswitch: Fix Use-After-Free in ovs_ct_exit FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distr

CVE-2024-26974 [HIGH] CWE-416 crypto: qat - resolve race condition during AER recovery crypto: qat - resolve race condition during AER recovery FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which

CVE-2024-35856 [HIGH] CWE-415 Bluetooth: btusb: mediatek: Fix double free of skb in coredump Bluetooth: btusb: mediatek: Fix double free of skb in coredump FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source librarie

CVE-2024-26983 [HIGH] CWE-416 bootconfig: use memblock_free_late to free xbc memory to buddy bootconfig: use memblock_free_late to free xbc memory to buddy FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source librarie

CVE-2024-32465 [HIGH] CWE-22 Git's protections for cloning untrusted repositories can be bypassed Git's protections for cloning untrusted repositories can be bypassed FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open sour

CVE-2024-32616 [HIGH] CWE-122 HDF5 Library through 1.14.3 contains a heap-based buffer over-read in H5O__dtype_encode_helper in H5Odtype.c. HDF5 Library through 1.14.3 contains a heap-based buffer over-read in H5O__dtype_encode_helper in H5Odtype.c. FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment t

CVE-2024-26930 [HIGH] CWE-415 scsi: qla2xxx: Fix double free of the ha->vp_map pointer scsi: qla2xxx: Fix double free of the ha->vp_map pointer FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which

CVE-2024-26934 [HIGH] CWE-667 USB: core: Fix deadlock in usb_deauthorize_interface() USB: core: Fix deadlock in usb_deauthorize_interface() FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the

CVE-2024-27018 [HIGH] netfilter: br_netfilter: skip conntrack input hook for promisc packets netfilter: br_netfilter: skip conntrack input hook for promisc packets FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source