Msrc Azure Linux 3.0 X64 vulnerabilities

CVE-2024-31852 [MEDIUM] LLVM before 18.1.3 generates code in which the LR register can be overwritten without data being saved to the stack and thus there can sometimes be an exploitable error in the flow of control. This af LLVM before 18.1.3 generates code in which the LR register can be overwritten without data being saved to the stack and thus there can sometimes be an exploitable error in the flow of control. This affects the ARM backend and can be demonstrated with Clang. NOTE: the vendor

CVE-2024-28182 [MEDIUM] CWE-770 Reading unbounded number of HTTP/2 CONTINUATION frames to cause excessive CPU usage Reading unbounded number of HTTP/2 CONTINUATION frames to cause excessive CPU usage FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most

CVE-2024-3096 [MEDIUM] CWE-20 PHP function password_verify can erroneously return true when argument contains NUL PHP function password_verify can erroneously return true when argument contains NUL FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most s

CVE-2024-26902 [MEDIUM] CWE-476 perf: RISCV: Fix panic on pmu overflow handler perf: RISCV: Fix panic on pmu overflow handler FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is com

CVE-2024-26881 [MEDIUM] CWE-476 net: hns3: fix kernel crash when 1588 is received on HIP08 devices net: hns3: fix kernel crash when 1588 is received on HIP08 devices FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open sourc

CVE-2023-6237 [MEDIUM] CWE-606 Excessive time spent checking invalid RSA public keys Excessive time spent checking invalid RSA public keys FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the

CVE-2024-26900 [MEDIUM] CWE-401 md: fix kmemleak of rdev->serial md: fix kmemleak of rdev->serial FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committe

CVE-2024-2511 [MEDIUM] CWE-1325 Unbounded memory growth with session handling in TLSv1.3 Unbounded memory growth with session handling in TLSv1.3 FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with whi

CVE-2024-0874 [MEDIUM] CWE-524 Coredns: cd bit response is cached and served later Coredns: cd bit response is cached and served later FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the dist

CVE-2024-26909 [MEDIUM] CWE-416 soc: qcom: pmic_glink_altmode: fix drm bridge use-after-free soc: qcom: pmic_glink_altmode: fix drm bridge use-after-free FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries

CVE-2024-24795 [MEDIUM] CWE-113 Apache HTTP Server: HTTP Response Splitting in multiple modules Apache HTTP Server: HTTP Response Splitting in multiple modules FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libr

CVE-2024-3177 [LOW] CWE-20 Bypassing mountable secrets policy imposed by the ServiceAccount admission plugin Bypassing mountable secrets policy imposed by the ServiceAccount admission plugin FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure v

CVE-2024-30261 [LOW] CWE-284 Undici's fetch with integrity option is too lax when algorithm is specified but hash value is in incorrect Undici's fetch with integrity option is too lax when algorithm is specified but hash value is in incorrect FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep

CVE-2024-27304 [CRITICAL] CWE-89 pgx SQL Injection via Protocol Message Size Overflow pgx SQL Injection via Protocol Message Size Overflow FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the

CVE-2024-24786 [HIGH] CWE-1286 Infinite loop in JSON unmarshaling in google.golang.org/protobuf Infinite loop in JSON unmarshaling in google.golang.org/protobuf FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source lib

CVE-2023-6175 [HIGH] CWE-120 Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') in Wireshark Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') in Wireshark NIST NVD Details: https://nvd.nist.gov/vuln/detail/CVE-2023-6175 FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the

CVE-2023-6597 [HIGH] An issue was found in the CPython `tempfile.TemporaryDirectory` class affecting versions 3.12.1 3.11.7 3.10.13 3.9.18 and 3.8.18 and prior. The tempfile.TemporaryDirectory class would dereference sym An issue was found in the CPython `tempfile.TemporaryDirectory` class affecting versions 3.12.1 3.11.7 3.10.13 3.9.18 and 3.8.18 and prior. The tempfile.TemporaryDirectory class would dereference symlinks during cleanup of permissions-related errors. This means users which can

CVE-2024-30202 [HIGH] CWE-94 In Emacs before 29.3 arbitrary Lisp code is evaluated as part of turning on Org mode. This affects Org Mode before 9.6.23. In Emacs before 29.3 arbitrary Lisp code is evaluated as part of turning on Org mode. This affects Org Mode before 9.6.23. FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux d

CVE-2024-29018 [MEDIUM] CWE-669 External DNS requests from 'internal' networks could lead to data exfiltration External DNS requests from 'internal' networks could lead to data exfiltration FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure ve

CVE-2024-2398 [HIGH] CWE-772 HTTP/2 push headers memory-leak HTTP/2 push headers memory-leak FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to