Msrc Azure Linux 3.0 Arm vulnerabilities

CVE-2022-32744 [HIGH] CWE-290 A flaw was found in Samba. The KDC accepts kpasswd requests encrypted with any key known to it. By encrypting forged kpasswd requests with its own key a user can change other users' passwords enabling A flaw was found in Samba. The KDC accepts kpasswd requests encrypted with any key known to it. By encrypting forged kpasswd requests with its own key a user can change other users' passwords enabling full domain takeover. FAQ: Is Azure Linux the only Microsoft produc

CVE-2021-3929 [HIGH] CWE-416 A DMA reentrancy issue was found in the NVM Express Controller (NVME) emulation in QEMU. This CVE is similar to CVE-2021-3750 and just like it when the reentrancy write triggers the reset function nvm A DMA reentrancy issue was found in the NVM Express Controller (NVME) emulation in QEMU. This CVE is similar to CVE-2021-3750 and just like it when the reentrancy write triggers the reset function nvme_ctrl_reset() data structs will be freed leading to a use-after-free

CVE-2022-2031 [HIGH] CWE-287 A flaw was found in Samba. The security vulnerability occurs when KDC and the kpasswd service share a single account and set of keys allowing them to decrypt each other's tickets. A user who has been A flaw was found in Samba. The security vulnerability occurs when KDC and the kpasswd service share a single account and set of keys allowing them to decrypt each other's tickets. A user who has been requested to change their password can exploit this flaw to obtain and

CVE-2021-33645 [HIGH] CWE-401 The th_read() function doesn’t free a variable t->th_buf.gnu_longlink after allocating memory which may cause a memory leak. The th_read() function doesn’t free a variable t->th_buf.gnu_longlink after allocating memory which may cause a memory leak. FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Li

CVE-2021-4158 [MEDIUM] CWE-476 A NULL pointer dereference issue was found in the ACPI code of QEMU. A malicious privileged user within the guest could use this flaw to crash the QEMU process on the host resulting in a denial of ser A NULL pointer dereference issue was found in the ACPI code of QEMU. A malicious privileged user within the guest could use this flaw to crash the QEMU process on the host resulting in a denial of service condition. FAQ: Is Azure Linux the only Microsoft product that

CVE-2022-0175 [MEDIUM] CWE-909 A flaw was found in the VirGL virtual OpenGL renderer (virglrenderer). The virgl did not properly initialize memory when allocating a host-backed memory resource. A malicious guest could use this flaw A flaw was found in the VirGL virtual OpenGL renderer (virglrenderer). The virgl did not properly initialize memory when allocating a host-backed memory resource. A malicious guest could use this flaw to mmap from the guest kernel and read this uninitialized memory fr

CVE-2022-32742 [MEDIUM] CWE-200 A flaw was found in Samba. Some SMB1 write requests were not correctly range-checked to ensure the client had sent enough data to fulfill the write allowing server memory contents to be written into t A flaw was found in Samba. Some SMB1 write requests were not correctly range-checked to ensure the client had sent enough data to fulfill the write allowing server memory contents to be written into the file (or printer) instead of client-supplied data. The client ca

CVE-2021-20316 [MEDIUM] CWE-362 A flaw was found in the way Samba handled file/directory metadata. This flaw allows an authenticated attacker with permissions to read or modify share metadata to perform this operation outside of the A flaw was found in the way Samba handled file/directory metadata. This flaw allows an authenticated attacker with permissions to read or modify share metadata to perform this operation outside of the share. FAQ: Is Azure Linux the only Microsoft product that includ

CVE-2022-32746 [MEDIUM] CWE-416 A flaw was found in the Samba AD LDAP server. The AD DC database audit logging module can access LDAP message values freed by a preceding database module resulting in a use-after-free issue. This issu A flaw was found in the Samba AD LDAP server. The AD DC database audit logging module can access LDAP message values freed by a preceding database module resulting in a use-after-free issue. This issue is only possible when modifying certain privileged attributes suc

CVE-2022-31627 [HIGH] CWE-787 Heap buffer overflow in finfo_buffer Heap buffer overflow in finfo_buffer FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is co

CVE-2022-0670 [CRITICAL] CWE-863 A flaw was found in Openstack manilla owning a Ceph File system "share" which enables the owner to read/write any manilla share or entire file system. The vulnerability is due to a bug in the "volumes A flaw was found in Openstack manilla owning a Ceph File system "share" which enables the owner to read/write any manilla share or entire file system. The vulnerability is due to a bug in the "volumes" plugin in Ceph Manager. This allows an attacker to compromise Co

CVE-2021-3697 [HIGH] CWE-787 A crafted JPEG image may lead the JPEG reader to underflow its data pointer allowing user-controlled data to be written in heap. To a successful to be performed the attacker needs to perform some tria A crafted JPEG image may lead the JPEG reader to underflow its data pointer allowing user-controlled data to be written in heap. To a successful to be performed the attacker needs to perform some triage over the heap layout and craft an image with a malicious format and

CVE-2022-35414 [HIGH] CWE-908 softmmu/physmem.c in QEMU through 7.0.0 can perform an uninitialized read on the translate_fail path leading to an io_readx or io_writex crash. NOTE: a third party states that the Non-virtualization U softmmu/physmem.c in QEMU through 7.0.0 can perform an uninitialized read on the translate_fail path leading to an io_readx or io_writex crash. NOTE: a third party states that the Non-virtualization Use Case in the qemu.org reference applies here i.e. "Bugs affecting t

CVE-2022-33099 [HIGH] CWE-787 An issue in the component luaG_runerror of Lua v5.4.4 and below leads to a heap-buffer overflow when a recursive error occurs. An issue in the component luaG_runerror of Lua v5.4.4 and below leads to a heap-buffer overflow when a recursive error occurs. FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azur

CVE-2021-3695 [MEDIUM] CWE-787 A crafted 16-bit grayscale PNG image may lead to a out-of-bounds write in the heap area. An attacker may take advantage of that to cause heap data corruption or eventually arbitrary code execution and A crafted 16-bit grayscale PNG image may lead to a out-of-bounds write in the heap area. An attacker may take advantage of that to cause heap data corruption or eventually arbitrary code execution and circumvent secure boot protections. This issue has a high complexit

CVE-2021-33454 [MEDIUM] CWE-476 An issue was discovered in yasm version 1.3.0. There is a NULL pointer dereference in yasm_expr_get_intnum() in libyasm/expr.c. An issue was discovered in yasm version 1.3.0. There is a NULL pointer dereference in yasm_expr_get_intnum() in libyasm/expr.c. FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the

CVE-2022-2097 [MEDIUM] CWE-327 AES OCB fails to encrypt some bytes AES OCB fails to encrypt some bytes FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is com

CVE-2021-3696 [MEDIUM] CWE-787 A heap out-of-bounds write may heppen during the handling of Huffman tables in the PNG reader. This may lead to data corruption in the heap space. Confidentiality Integrity and Availablity impact may A heap out-of-bounds write may heppen during the handling of Huffman tables in the PNG reader. This may lead to data corruption in the heap space. Confidentiality Integrity and Availablity impact may be considered Low as it's very complex to an attacker control the en

CVE-2022-1996 [CRITICAL] CWE-639 Authorization Bypass Through User-Controlled Key in emicklei/go-restful Authorization Bypass Through User-Controlled Key in emicklei/go-restful FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the

CVE-2022-29526 [MEDIUM] CWE-269 Go before 1.17.10 and 1.18.x before 1.18.2 has Incorrect Privilege Assignment. When called with a non-zero flags parameter the Faccessat function could incorrectly report that a file is accessible. Go before 1.17.10 and 1.18.x before 1.18.2 has Incorrect Privilege Assignment. When called with a non-zero flags parameter the Faccessat function could incorrectly report that a file is accessible. FAQ: Is Azure Linux the only Microsoft product that includes this open-