Msrc Azure Linux 3.0 X64 vulnerabilities

CVE-2024-38381 [HIGH] CWE-908 nfc: nci: Fix uninit-value in nci_rx_work nfc: nci: Fix uninit-value in nci_rx_work FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Micro

CVE-2008-2149 [HIGH] CVE-2008-2149: NIST NVD Details: https://nvd NIST NVD Details: https://nvd.nist.gov/vuln/detail/CVE-2008-2149 Mariner: Mariner [email protected]: [email protected] Customer Action Required: Yes Remediation: wordnet Reference: https://nvd.nist.gov/vuln/detail/CVE-2008-2149

CVE-2024-38581 [HIGH] CWE-416 drm/amdgpu/mes: fix use-after-free issue drm/amdgpu/mes: fix use-after-free issue FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microso

CVE-2024-37370 [HIGH] In MIT Kerberos 5 (aka krb5) before 1.21.3 an attacker can modify the plaintext Extra Count field of a confidential GSS krb5 wrap token causing the unwrapped token to appear truncated to the applicati In MIT Kerberos 5 (aka krb5) before 1.21.3 an attacker can modify the plaintext Extra Count field of a confidential GSS krb5 wrap token causing the unwrapped token to appear truncated to the application. FAQ: Is Azure Linux the only Microsoft product that includes this open-s

CVE-2024-38577 [HIGH] CWE-120 rcu-tasks: Fix show_rcu_tasks_trace_gp_kthread buffer overflow rcu-tasks: Fix show_rcu_tasks_trace_gp_kthread buffer overflow FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source librarie

CVE-2024-38583 [HIGH] CWE-416 nilfs2: fix use-after-free of timer for log writer thread nilfs2: fix use-after-free of timer for log writer thread FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with whi

CVE-2024-0397 [HIGH] CWE-362 Memory race condition in ssl.SSLContext certificate store methods Memory race condition in ssl.SSLContext certificate store methods FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source lib

CVE-2024-36478 [MEDIUM] CWE-476 null_blk: fix null-ptr-dereference while configuring 'power' and 'submit_queues' null_blk: fix null-ptr-dereference while configuring 'power' and 'submit_queues' FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secur

CVE-2022-4968 [MEDIUM] CWE-497 netplan leaks the private key of wireguard to local users. netplan leaks the private key of wireguard to local users. FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with

CVE-2013-6381 [MEDIUM] CVE-2013-6381: NIST NVD Details: https://nvd NIST NVD Details: https://nvd.nist.gov/vuln/detail/CVE-2013-6381 Mariner: Mariner [email protected]: [email protected] Customer Action Required: Yes Remediation: kernel Reference: https://nvd.nist.gov/vuln/detail/CVE-2013-6381

CVE-2024-36965 [MEDIUM] remoteproc: mediatek: Make sure IPI buffer fits in L2TCM remoteproc: mediatek: Make sure IPI buffer fits in L2TCM FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the d

CVE-2023-52890 [MEDIUM] NTFS-3G before 75dcdc2 has a use-after-free in ntfs_uppercase_mbs in libntfs-3g/unistr.c. NOTE: discussion suggests that exploitation would be challenging. NTFS-3G before 75dcdc2 has a use-after-free in ntfs_uppercase_mbs in libntfs-3g/unistr.c. NOTE: discussion suggests that exploitation would be challenging. FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main

CVE-2024-6104 [MEDIUM] CWE-532 go-retryablehttp can leak basic auth credentials to log files go-retryablehttp can leak basic auth credentials to log files FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries

CVE-2024-38603 [MEDIUM] CWE-401 drivers/perf: hisi: hns3: Actually use devm_add_action_or_reset() drivers/perf: hisi: hns3: Actually use devm_add_action_or_reset() FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source

CVE-2014-3185 [MEDIUM] CVE-2014-3185: NIST NVD Details: https://nvd NIST NVD Details: https://nvd.nist.gov/vuln/detail/CVE-2014-3185 Mariner: Mariner [email protected]: [email protected] Customer Action Required: Yes Remediation: kernel Reference: https://nvd.nist.gov/vuln/detail/CVE-2014-3185

CVE-2024-36968 [MEDIUM] CWE-369 Bluetooth: L2CAP: Fix div-by-zero in l2cap_le_flowctl_init() Bluetooth: L2CAP: Fix div-by-zero in l2cap_le_flowctl_init() FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries

CVE-2024-37535 [MEDIUM] CWE-400 GNOME VTE before 0.76.3 allows an attacker to cause a denial of service (memory consumption) via a window resize escape sequence a related issue to CVE-2000-0476. GNOME VTE before 0.76.3 allows an attacker to cause a denial of service (memory consumption) via a window resize escape sequence a related issue to CVE-2000-0476. FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerabi

CVE-2024-35235 [MEDIUM] CWE-59 Cupsd Listen arbitrary chmod 0140777 Cupsd Listen arbitrary chmod 0140777 FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is c

CVE-2024-37891 [MEDIUM] CWE-669 Proxy-Authorization request header isn't stripped during cross-origin redirects in urllib3 Proxy-Authorization request header isn't stripped during cross-origin redirects in urllib3 FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most r

CVE-2024-38571 [MEDIUM] CWE-476 thermal/drivers/tsens: Fix null pointer dereference thermal/drivers/tsens: Fix null pointer dereference FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the dis