Msrc Azure Linux 3.0 X64 vulnerabilities

CVE-2024-27282 [MEDIUM] CWE-125 An issue was discovered in Ruby 3.x through 3.3.0. If attacker-supplied data is provided to the Ruby regex compiler it is possible to extract arbitrary heap data relative to the start of the text incl An issue was discovered in Ruby 3.x through 3.3.0. If attacker-supplied data is provided to the Ruby regex compiler it is possible to extract arbitrary heap data relative to the start of the text including pointers and sensitive strings. The fixed versions are 3.0.7

CVE-2024-27016 [MEDIUM] netfilter: flowtable: validate pppoe header netfilter: flowtable: validate pppoe header FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microso

CVE-2024-27030 [MEDIUM] CWE-362 octeontx2-af: Use separate handlers for interrupts octeontx2-af: Use separate handlers for interrupts FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distr

CVE-2024-27435 [MEDIUM] nvme: fix reconnection fail due to reserved tag allocation nvme: fix reconnection fail due to reserved tag allocation FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which t

CVE-2024-27037 [MEDIUM] CWE-476 clk: zynq: Prevent null pointer dereference caused by kmalloc failure clk: zynq: Prevent null pointer dereference caused by kmalloc failure FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open

CVE-2024-27047 [MEDIUM] CWE-476 net: phy: fix phy_get_internal_delay accessing an empty array net: phy: fix phy_get_internal_delay accessing an empty array FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source librarie

CVE-2023-52659 [MEDIUM] x86/mm: Ensure input to pfn_to_kaddr() is treated as a 64-bit type x86/mm: Ensure input to pfn_to_kaddr() is treated as a 64-bit type FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source librar

CVE-2024-26953 [MEDIUM] net: esp: fix bad handling of pages from page_pool net: esp: fix bad handling of pages from page_pool FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is com

CVE-2024-35978 [MEDIUM] CWE-401 Bluetooth: Fix memory leak in hci_req_sync_complete() Bluetooth: Fix memory leak in hci_req_sync_complete() FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the

CVE-2024-35794 [MEDIUM] dm-raid: really frozen sync_thread during suspend dm-raid: really frozen sync_thread during suspend FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is compo

CVE-2024-26966 [MEDIUM] CWE-129 clk: qcom: mmcc-apq8084: fix terminating of frequency table arrays clk: qcom: mmcc-apq8084: fix terminating of frequency table arrays FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open sourc

CVE-2024-27050 [MEDIUM] CWE-787 libbpf: Use OPTS_SET() macro in bpf_xdp_query() libbpf: Use OPTS_SET() macro in bpf_xdp_query() FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is c

CVE-2024-32607 [MEDIUM] CWE-125 HDF5 Library through 1.14.3 has a SEGV in H5A__close in H5Aint.c resulting in the corruption of the instruction pointer. HDF5 Library through 1.14.3 has a SEGV in H5A__close in H5Aint.c resulting in the corruption of the instruction pointer. FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux di

CVE-2024-27033 [MEDIUM] f2fs: fix to remove unnecessary f2fs_bug_on() to avoid panic f2fs: fix to remove unnecessary f2fs_bug_on() to avoid panic FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with whi

CVE-2024-33875 [MEDIUM] CWE-120 HDF5 Library through 1.14.3 has a heap-based buffer overflow in H5O__layout_encode in H5Olayout.c resulting in the corruption of the instruction pointer. HDF5 Library through 1.14.3 has a heap-based buffer overflow in H5O__layout_encode in H5Olayout.c resulting in the corruption of the instruction pointer. FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the m

CVE-2024-26946 [MEDIUM] kprobes/x86: Use copy_from_kernel_nofault() to read from unsafe address kprobes/x86: Use copy_from_kernel_nofault() to read from unsafe address FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open sou

CVE-2024-35827 [MEDIUM] CWE-190 io_uring/net: fix overflow check in io_recvmsg_mshot_prep() io_uring/net: fix overflow check in io_recvmsg_mshot_prep() FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries wi

CVE-2024-35972 [MEDIUM] CWE-401 bnxt_en: Fix possible memory leak in bnxt_rdma_aux_device_init() bnxt_en: Fix possible memory leak in bnxt_rdma_aux_device_init() FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source li

CVE-2024-35912 [MEDIUM] CWE-401 wifi: iwlwifi: mvm: rfi: fix potential response leaks wifi: iwlwifi: mvm: rfi: fix potential response leaks FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the

CVE-2024-26950 [MEDIUM] wireguard: netlink: access device through ctx instead of peer wireguard: netlink: access device through ctx instead of peer FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with w