Msrc Azure Linux 3.0 X64 vulnerabilities

CVE-2024-41055 [MEDIUM] CWE-476 mm: prevent derefencing NULL ptr in pfn_section_valid() mm: prevent derefencing NULL ptr in pfn_section_valid() FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which

CVE-2024-41053 [MEDIUM] CWE-476 scsi: ufs: core: Fix ufshcd_abort_one racing issue scsi: ufs: core: Fix ufshcd_abort_one racing issue FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distr

CVE-2024-40952 [MEDIUM] CWE-476 ocfs2: fix NULL pointer dereference in ocfs2_journal_dirty() ocfs2: fix NULL pointer dereference in ocfs2_journal_dirty() FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries

CVE-2024-41088 [MEDIUM] CWE-835 can: mcp251xfd: fix infinite loop when xmit fails can: mcp251xfd: fix infinite loop when xmit fails FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro

CVE-2024-21130 [MEDIUM] Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.37 and prior and 8.4.0 and prior. Easily exploitable vulnerabil Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.37 and prior and 8.4.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocol

CVE-2024-42071 [MEDIUM] CWE-834 ionic: use dev_consume_skb_any outside of napi ionic: use dev_consume_skb_any outside of napi FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is com

CVE-2024-21166 [MEDIUM] CWE-285 Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.36 and prior and 8.3.0 and prior. Difficult to exploit vulnerability allow Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.36 and prior and 8.3.0 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols

CVE-2024-39474 [MEDIUM] CWE-770 mm/vmalloc: fix vmalloc which may return null if called with __GFP_NOFAIL mm/vmalloc: fix vmalloc which may return null if called with __GFP_NOFAIL FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of

CVE-2024-21173 [MEDIUM] Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.37 and prior and 8.4.0 and prior. Easily exploitable vulnerability allows Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.37 and prior and 8.4.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compro

CVE-2024-41084 [MEDIUM] CWE-476 cxl/region: Avoid null pointer dereference in region lookup cxl/region: Avoid null pointer dereference in region lookup FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries wi

CVE-2024-39482 [MEDIUM] CWE-770 bcache: fix variable length array abuse in btree_iter bcache: fix variable length array abuse in btree_iter FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the

CVE-2024-42102 [MEDIUM] CWE-369 Revert "mm/writeback: fix possible divide-by-zero in wb_dirty_limits() again" Revert "mm/writeback: fix possible divide-by-zero in wb_dirty_limits() again" FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure vers

CVE-2024-41064 [MEDIUM] powerpc/eeh: avoid possible crash when edev->pdev changes powerpc/eeh: avoid possible crash when edev->pdev changes FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the

CVE-2024-39475 [MEDIUM] CWE-369 fbdev: savage: Handle err return when savagefb_check_var failed fbdev: savage: Handle err return when savagefb_check_var failed FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libr

CVE-2024-39484 [MEDIUM] CWE-770 mmc: davinci: Don't strip remove function when driver is builtin mmc: davinci: Don't strip remove function when driver is builtin FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source li

CVE-2024-42161 [MEDIUM] CWE-908 bpf: Avoid uninitialized value in BPF_CORE_READ_BITFIELD bpf: Avoid uninitialized value in BPF_CORE_READ_BITFIELD FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with whi

CVE-2024-40961 [MEDIUM] CWE-476 ipv6: prevent possible NULL deref in fib6_nh_init() ipv6: prevent possible NULL deref in fib6_nh_init() FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the dis

CVE-2024-41002 [MEDIUM] CWE-401 crypto: hisilicon/sec - Fix memory leak for sec resource release crypto: hisilicon/sec - Fix memory leak for sec resource release FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source li

CVE-2024-42101 [MEDIUM] CWE-476 drm/nouveau: fix null pointer dereference in nouveau_connector_get_modes drm/nouveau: fix null pointer dereference in nouveau_connector_get_modes FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of th

CVE-2024-40725 [MEDIUM] CWE-668 Apache HTTP Server: source code disclosure with handlers configured via AddType Apache HTTP Server: source code disclosure with handlers configured via AddType FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure