Msrc Azure Linux 3.0 X64 vulnerabilities

CVE-2024-26933 [HIGH] CWE-667 USB: core: Fix deadlock in port "disable" sysfs attribute USB: core: Fix deadlock in port "disable" sysfs attribute FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with whi

CVE-2024-32620 [HIGH] CWE-122 HDF5 Library through 1.14.3 contains a heap-based buffer over-read in H5F_addr_decode_len in H5Fint.c resulting in the corruption of the instruction pointer. HDF5 Library through 1.14.3 contains a heap-based buffer over-read in H5F_addr_decode_len in H5Fint.c resulting in the corruption of the instruction pointer. FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of

CVE-2024-32614 [HIGH] CWE-125 HDF5 Library through 1.14.3 has a SEGV in H5VM_memcpyvv in H5VM.c. HDF5 Library through 1.14.3 has a SEGV in H5VM_memcpyvv in H5VM.c. FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source

CVE-2024-32605 [HIGH] CWE-122 HDF5 Library through 1.14.3 has a heap-based buffer over-read in H5VM_memcpyvv in H5VM.c (called from H5D__compact_readvv in H5Dcompact.c). HDF5 Library through 1.14.3 has a heap-based buffer over-read in H5VM_memcpyvv in H5VM.c (called from H5D__compact_readvv in H5Dcompact.c). FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers

CVE-2024-29161 [HIGH] CWE-122 HDF5 through 1.14.3 contains a heap buffer overflow in H5A__attr_release_table resulting in the corruption of the instruction pointer and causing denial of service or potential code execution. HDF5 through 1.14.3 contains a heap buffer overflow in H5A__attr_release_table resulting in the corruption of the instruction pointer and causing denial of service or potential code execution. FAQ: Is Azure Linux the only Microsoft product that includes this open-source libra

CVE-2024-27045 [HIGH] CWE-120 drm/amd/display: Fix a potential buffer overflow in 'dp_dsc_clock_en_read()' drm/amd/display: Fix a potential buffer overflow in 'dp_dsc_clock_en_read()' FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions

CVE-2024-3727 [HIGH] CWE-354 Containers/image: digest type does not guarantee valid type Containers/image: digest type does not guarantee valid type FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with

CVE-2024-27433 [HIGH] CWE-415 clk: mediatek: mt7622-apmixedsys: Fix an error handling path in clk_mt8135_apmixed_probe() clk: mediatek: mt7622-apmixedsys: Fix an error handling path in clk_mt8135_apmixed_probe() FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most rec

CVE-2024-35792 [HIGH] crypto: rk3288 - Fix use after free in unprepare crypto: rk3288 - Fix use after free in unprepare FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed.

CVE-2024-29162 [HIGH] CWE-122 HDF5 through 1.13.3 and/or 1.14.2 contains a stack buffer overflow in H5HG_read resulting in denial of service or potential code execution. HDF5 through 1.13.3 and/or 1.14.2 contains a stack buffer overflow in H5HG_read resulting in denial of service or potential code execution. FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers

CVE-2024-33873 [HIGH] CWE-122 HDF5 Library through 1.14.3 has a heap-based buffer overflow in H5D__scatter_mem in H5Dscatgath.c. HDF5 Library through 1.14.3 has a heap-based buffer overflow in H5D__scatter_mem in H5Dscatgath.c. FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date w

CVE-2024-29160 [HIGH] CWE-122 HDF5 through 1.14.3 contains a heap buffer overflow in H5HG__cache_heap_deserialize resulting in the corruption of the instruction pointer and causing denial of service or potential code execution. HDF5 through 1.14.3 contains a heap buffer overflow in H5HG__cache_heap_deserialize resulting in the corruption of the instruction pointer and causing denial of service or potential code execution. FAQ: Is Azure Linux the only Microsoft product that includes this open-so

CVE-2024-29165 [HIGH] CWE-122 HDF5 through 1.14.3 contains a buffer overflow in H5Z__filter_fletcher32 resulting in the corruption of the instruction pointer and causing denial of service or potential code execution. HDF5 through 1.14.3 contains a buffer overflow in H5Z__filter_fletcher32 resulting in the corruption of the instruction pointer and causing denial of service or potential code execution. FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is th

CVE-2024-29158 [HIGH] CWE-122 HDF5 through 1.14.3 contains a stack buffer overflow in H5FL_arr_malloc resulting in the corruption of the instruction pointer and causing denial of service or potential code execution. HDF5 through 1.14.3 contains a stack buffer overflow in H5FL_arr_malloc resulting in the corruption of the instruction pointer and causing denial of service or potential code execution. FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is ther

CVE-2024-5564 [HIGH] CWE-120 Libndp: buffer overflow in route information length field Libndp: buffer overflow in route information length field FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with whic

CVE-2024-26939 [HIGH] CWE-416 drm/i915/vma: Fix UAF on destroy against retire race drm/i915/vma: Fix UAF on destroy against retire race FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the dis

CVE-2024-35801 [MEDIUM] CWE-416 x86/fpu: Keep xfd_state in sync with MSR_IA32_XFD x86/fpu: Keep xfd_state in sync with MSR_IA32_XFD FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro

CVE-2024-33877 [HIGH] CWE-122 HDF5 Library through 1.14.3 has a heap-based buffer overflow in H5T__conv_struct_opt in H5Tconv.c. HDF5 Library through 1.14.3 has a heap-based buffer overflow in H5T__conv_struct_opt in H5Tconv.c. FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date w

CVE-2024-34069 [HIGH] CWE-352 Werkzeug's improper usage of a pathname and improper CSRF protection results in the remote command execution Werkzeug's improper usage of a pathname and improper CSRF protection results in the remote command execution FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to

CVE-2024-29163 [HIGH] CWE-122 HDF5 through 1.14.3 contains a heap buffer overflow in H5T__bit_find resulting in the corruption of the instruction pointer and causing denial of service or potential code execution. HDF5 through 1.14.3 contains a heap buffer overflow in H5T__bit_find resulting in the corruption of the instruction pointer and causing denial of service or potential code execution. FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore