Msrc Azure Linux 3.0 X64 vulnerabilities
1,294 known vulnerabilities affecting msrc/azure_linux_3.0_x64.
Total CVEs: 1,294
CISA KEV: 3 (actively exploited)
Public exploits: 13
Exploited in wild: 6
Severity breakdown: CRITICAL 72, HIGH 496, MEDIUM 697, LOW 28, UNKNOWN 1
Vulnerabilities
CVE-2023-4807 | HIGH | CVSS 7.8 | 2023-09-12
CVE-2023-4807 [HIGH] CWE-440 POLY1305 MAC implementation corrupts XMM registers on Windows
FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?
One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries w
msrc
CVE-2023-5156 | HIGH | CVSS 7.5 | 2023-09-12
CVE-2023-5156 [HIGH] CWE-401 Glibc: dos due to memory leak in getaddrinfo.c
msrc
CVE-2023-4527 | MEDIUM | CVSS 6.5 | 2023-09-12
CVE-2023-4527 [MEDIUM] CWE-121 Glibc: stack read overflow in getaddrinfo in no-aaaa mode
NIST NVD Details: https://nvd.nist.gov/vuln/detail/CVE-2023-4527
msrc
CVE-2023-3301 | MEDIUM | CVSS 5.6 | 2023-09-12
CVE-2023-3301 [MEDIUM] CWE-362 Triggerable assertion due to race condition in hot-unplug
msrc
CVE-2023-41051 | MEDIUM | CVSS 4.7 | 2023-09-12
CVE-2023-41051 [LOW] CWE-125 Default functions in VolatileMemory trait lack bounds checks in vm-memory
msrc
CVE-2023-5215 | MEDIUM | CVSS 6.5 | 2023-09-12
CVE-2023-5215 [MEDIUM] CWE-252 Libnbd: crash or misbehaviour when nbd server returns an unexpected block size
msrc
CVE-2023-42467 | MEDIUM | CVSS 5.5 | 2023-09-12
CVE-2023-42467 [MEDIUM] CWE-369 QEMU through 8.0.0 could trigger a division by zero in scsi_disk_reset in hw/scsi/scsi-disk.c because scsi_disk_emulate_mode_select does not prevent s->qdev.blocksize from being 256. This stops QEMU and the guest immediately.
msrc
CVE-2023-3255 | MEDIUM | CVSS 6.5 | 2023-09-12
CVE-2023-3255 [MEDIUM] CWE-835 Qemu: vnc: infinite loop in inflate_buffer() leads to denial of service
msrc
CVE-2023-4039 | MEDIUM | CVSS 4.8 | 2023-09-12
CVE-2023-4039 [MEDIUM] CWE-693 GCC's -fstack-protector fails to guard dynamically-sized local variables on AArch64
msrc
CVE-2022-36648 | CRITICAL | CVSS 10.0 | 2023-08-08
CVE-2022-36648 [CRITICAL] CWE-476 The hardware emulation in the of_dpa_cmd_add_l2_flood of rocker device model in QEMU as used in 7.0.0 and earlier allows remote attackers to crash the host qemu and potentially execute code on the host via execute a malformed program in the guest OS. Note: This has
msrc
CVE-2023-41361 | CRITICAL | CVSS 9.8 | 2023-08-08
CVE-2023-41361 [CRITICAL] CWE-120 An issue was discovered in FRRouting FRR 9.0. bgpd/bgp_open.c does not check for an overly large length of the rcv software version.
msrc
CVE-2022-34038 | HIGH | CVSS 7.5 | 2023-08-08
CVE-2022-34038 [HIGH] CWE-787 Etcd v3.5.4 allows remote attackers to cause a denial of service via function PageWriter.write in pagewriter.go. NOTE: the vendor's position is that this is not a vulnerability.
msrc
CVE-2023-33953 | HIGH | CVSS 7.5 | 2023-08-08
CVE-2023-33953 [HIGH] CWE-770 Denial-of-Service in gRPC
FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?
One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparenc
msrc
CVE-2022-48579 | HIGH | CVSS 7.5 | 2023-08-08
CVE-2022-48579 [HIGH] CWE-59 UnRAR before 6.2.3 allows extraction of files outside of the destination folder via symlink chains.
msrc
CVE-2023-38710 | MEDIUM | CVSS 6.5 | 2023-08-08
CVE-2023-38710 [MEDIUM] An issue was discovered in Libreswan before 4.12. When an IKEv2 Child SA REKEY packet contains an invalid IPsec protocol ID number of 0 or 1 an error notify INVALID_SPI is sent back. The notify payload's protocol ID is copied from the incoming packet but the code that verifi
msrc
CVE-2023-3180 | MEDIUM | CVSS 6.0 | 2023-08-08
CVE-2023-3180 [MEDIUM] CWE-787 Heap buffer overflow in virtio_crypto_sym_op_helper()
msrc
CVE-2023-38711 | MEDIUM | CVSS 6.5 | 2023-08-08
CVE-2023-38711 [MEDIUM] CWE-476 An issue was discovered in Libreswan before 4.12. When an IKEv1 Quick Mode connection configured with ID_IPV4_ADDR or ID_IPV6_ADDR receives an IDcr payload with ID_FQDN a NULL pointer dereference causes a crash and restart of the pluto daemon. NOTE: the earliest affe
msrc
CVE-2023-38712 | MEDIUM | CVSS 6.5 | 2023-08-08
CVE-2023-38712 [MEDIUM] CWE-476 An issue was discovered in Libreswan 3.x and 4.x before 4.12. When an IKEv1 ISAKMP SA Informational Exchange packet contains a Delete/Notify payload followed by further Notifies that act on the ISAKMP SA such as a duplicated Delete/Notify message a NULL pointer deref
msrc
CVE-2023-3978 | MEDIUM | CVSS 6.1 | 2023-08-08
CVE-2023-3978 [MEDIUM] CWE-79 Improper rendering of text nodes in golang.org/x/net/html
msrc
CVE-2023-28938 | LOW | CVSS 3.4 | 2023-08-08
CVE-2023-28938 [LOW] CWE-400 Uncontrolled resource consumption in some Intel(R) SSD Tools software before version mdadm-4.2-rc2 may allow a privileged user to potentially enable denial of service via local access.
msrc