Msrc Azure Linux 3.0 Arm vulnerabilities

CVE-2024-26961 [HIGH] CWE-416 mac802154: fix llsec key resources release in mac802154_llsec_key_del mac802154: fix llsec key resources release in mac802154_llsec_key_del FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open s

CVE-2024-32618 [HIGH] CWE-122 HDF5 Library through 1.14.3 contains a heap-based buffer overflow in H5T__get_native_type in H5Tnative.c resulting in the corruption of the instruction pointer. HDF5 Library through 1.14.3 contains a heap-based buffer overflow in H5T__get_native_type in H5Tnative.c resulting in the corruption of the instruction pointer. FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?

CVE-2023-52649 [HIGH] CWE-129 drm/vkms: Avoid reading beyond LUT array drm/vkms: Avoid reading beyond LUT array FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microso

CVE-2024-32612 [HIGH] CWE-122 HDF5 Library through 1.14.3 contains a heap-based buffer over-read in H5HL__fl_deserialize in H5HLcache.c resulting in the corruption of the instruction pointer a different vulnerability than CVE-2024 HDF5 Library through 1.14.3 contains a heap-based buffer over-read in H5HL__fl_deserialize in H5HLcache.c resulting in the corruption of the instruction pointer a different vulnerability than CVE-2024-32613. FAQ: Is Azure Linux the only Microsoft product that includes

CVE-2024-32623 [HIGH] CWE-122 HDF5 Library through 1.14.3 contains a heap-based buffer overflow in H5VM_array_fill in H5VM.c (called from H5S_select_elements in H5Spoint.c). HDF5 Library through 1.14.3 contains a heap-based buffer overflow in H5VM_array_fill in H5VM.c (called from H5S_select_elements in H5Spoint.c). FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our cu

CVE-2024-27020 [HIGH] CWE-362 netfilter: nf_tables: Fix potential data-race in __nft_expr_type_get() netfilter: nf_tables: Fix potential data-race in __nft_expr_type_get() FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open

CVE-2024-32619 [HIGH] CWE-122 HDF5 Library through 1.14.3 contains a heap-based buffer overflow in H5T_copy_reopen in H5T.c resulting in the corruption of the instruction pointer. HDF5 Library through 1.14.3 contains a heap-based buffer overflow in H5T_copy_reopen in H5T.c resulting in the corruption of the instruction pointer. FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefi

CVE-2024-26947 [MEDIUM] ARM: 9359/1: flush: check if the folio is reserved for no-mapping addresses ARM: 9359/1: flush: check if the folio is reserved for no-mapping addresses FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the

CVE-2023-52650 [MEDIUM] CWE-476 drm/tegra: dsi: Add missing check for of_find_device_by_node drm/tegra: dsi: Add missing check for of_find_device_by_node FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries

CVE-2024-27075 [HIGH] media: dvb-frontends: avoid stack overflow warnings with clang media: dvb-frontends: avoid stack overflow warnings with clang FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with w

CVE-2024-27281 [MEDIUM] CWE-502 An issue was discovered in RDoc 6.3.3 through 6.6.2 as distributed in Ruby 3.x through 3.3.0. When parsing .rdoc_options (used for configuration in RDoc) as a YAML file object injection and resultant An issue was discovered in RDoc 6.3.3 through 6.6.2 as distributed in Ruby 3.x through 3.3.0. When parsing .rdoc_options (used for configuration in RDoc) as a YAML file object injection and resultant remote code execution are possible because there are no restriction

CVE-2024-26951 [HIGH] wireguard: netlink: check for dangling peer via is_dead instead of empty list wireguard: netlink: check for dangling peer via is_dead instead of empty list FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of th

CVE-2024-27434 [MEDIUM] wifi: iwlwifi: mvm: don't set the MFP flag for the GTK wifi: iwlwifi: mvm: don't set the MFP flag for the GTK FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distr

CVE-2024-26306 [MEDIUM] CWE-385 iPerf3 before 3.17 when used with OpenSSL before 3.2.0 as a server with RSA authentication allows a timing side channel in RSA decryption operations. This side channel could be sufficient for an attac iPerf3 before 3.17 when used with OpenSSL before 3.2.0 as a server with RSA authentication allows a timing side channel in RSA decryption operations. This side channel could be sufficient for an attacker to recover credential plaintext. It requires the attacker to se

CVE-2023-52648 [MEDIUM] CWE-476 drm/vmwgfx: Unmap the surface before resetting it on a plane state drm/vmwgfx: Unmap the surface before resetting it on a plane state FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open sourc

CVE-2024-32610 [MEDIUM] CWE-416 HDF5 Library through 1.14.3 has a SEGV in H5T_close_real in H5T.c resulting in a corrupted instruction pointer. HDF5 Library through 1.14.3 has a SEGV in H5T_close_real in H5T.c resulting in a corrupted instruction pointer. FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commit

CVE-2024-27019 [MEDIUM] CWE-362 netfilter: nf_tables: Fix potential data-race in __nft_obj_type_get() netfilter: nf_tables: Fix potential data-race in __nft_obj_type_get() FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open

CVE-2024-29166 [MEDIUM] CWE-120 HDF5 through 1.14.3 contains a buffer overflow in H5O__linfo_decode resulting in the corruption of the instruction pointer and causing denial of service or potential code execution. HDF5 through 1.14.3 contains a buffer overflow in H5O__linfo_decode resulting in the corruption of the instruction pointer and causing denial of service or potential code execution. FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore

CVE-2024-27051 [MEDIUM] CWE-476 cpufreq: brcmstb-avs-cpufreq: add check for cpufreq_cpu_get's return value cpufreq: brcmstb-avs-cpufreq: add check for cpufreq_cpu_get's return value FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions o

CVE-2024-36023 [MEDIUM] CWE-476 Julia Lawall reported this null pointer dereference this should fix it. Julia Lawall reported this null pointer dereference this should fix it. FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the