Msrc Azure Linux 3.0 X64 vulnerabilities

CVE-2024-49858 [MEDIUM] efistub/tpm: Use ACPI reclaim memory for event log to avoid corruption efistub/tpm: Use ACPI reclaim memory for event log to avoid corruption FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open sourc

CVE-2024-49954 [MEDIUM] static_call: Replace pointless WARN_ON() in static_call_module_notify() static_call: Replace pointless WARN_ON() in static_call_module_notify() FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open sou

CVE-2024-49975 [MEDIUM] CWE-401 uprobes: fix kernel info leak via "[uprobes]" vma uprobes: fix kernel info leak via "[uprobes]" vma FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro

CVE-2024-50058 [MEDIUM] CWE-476 serial: protect uart_port_dtr_rts() in uart_shutdown() too serial: protect uart_port_dtr_rts() in uart_shutdown() too FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with

CVE-2024-49905 [MEDIUM] CWE-476 drm/amd/display: Add null check for 'afb' in amdgpu_dm_plane_handle_cursor_update (v2) drm/amd/display: Add null check for 'afb' in amdgpu_dm_plane_handle_cursor_update (v2) FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent an

CVE-2024-50006 [MEDIUM] CWE-667 ext4: fix i_data_sem unlock order in ext4_ind_migrate() ext4: fix i_data_sem unlock order in ext4_ind_migrate() FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which

CVE-2024-50016 [MEDIUM] CWE-190 drm/amd/display: Avoid overflow assignment in link_dp_cts drm/amd/display: Avoid overflow assignment in link_dp_cts FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with w

CVE-2024-21219 [MEDIUM] Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DML). Supported versions that are affected are 8.0.39 and prior 8.4.2 and prior and 9.0.1 and prior. Easily exploitable Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DML). Supported versions that are affected are 8.0.39 and prior 8.4.2 and prior and 9.0.1 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multipl

CVE-2024-21203 [MEDIUM] Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: FTS). Supported versions that are affected are 8.0.39 and prior 8.4.2 and prior and 9.0.1 and prior. Easily exploitable Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: FTS). Supported versions that are affected are 8.0.39 and prior 8.4.2 and prior and 9.0.1 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multipl

CVE-2024-50046 [MEDIUM] CWE-476 NFSv4: Prevent NULL-pointer dereference in nfs42_complete_copies() NFSv4: Prevent NULL-pointer dereference in nfs42_complete_copies() FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open sourc

CVE-2024-50000 [MEDIUM] CWE-476 net/mlx5e: Fix NULL deref in mlx5e_tir_builder_alloc() net/mlx5e: Fix NULL deref in mlx5e_tir_builder_alloc() FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which t

CVE-2024-50038 [MEDIUM] netfilter: xtables: avoid NFPROTO_UNSPEC where needed netfilter: xtables: avoid NFPROTO_UNSPEC where needed FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro

CVE-2024-21238 [MEDIUM] Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Thread Pooling). Supported versions that are affected are 8.0.39 and prior 8.4.1 and prior and 9.0.1 and prior. Difficul Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Thread Pooling). Supported versions that are affected are 8.0.39 and prior 8.4.1 and prior and 9.0.1 and prior. Difficult to exploit vulnerability allows low privileged attacker with network access

CVE-2024-21199 [MEDIUM] Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.39 and prior 8.4.2 and prior and 9.0.1 and prior. Easily exploitable vulne Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.39 and prior 8.4.2 and prior and 9.0.1 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple pro

CVE-2024-47737 [MEDIUM] CWE-476 nfsd: call cache_put if xdr_reserve_space returns NULL nfsd: call cache_put if xdr_reserve_space returns NULL FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which t

CVE-2024-49896 [MEDIUM] CWE-476 drm/amd/display: Check stream before comparing them drm/amd/display: Check stream before comparing them FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the dis

CVE-2024-21193 [MEDIUM] Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: PS). Supported versions that are affected are 8.0.39 and prior 8.4.2 and prior and 9.0.1 and prior. Easily exploitable v Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: PS). Supported versions that are affected are 8.0.39 and prior 8.4.2 and prior and 9.0.1 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple

CVE-2024-31227 [MEDIUM] CWE-20 Denial-of-service due to malformed ACL selectors in Redis Denial-of-service due to malformed ACL selectors in Redis FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with wh

CVE-2024-47714 [MEDIUM] CWE-787 wifi: mt76: mt7996: use hweight16 to get correct tx antenna wifi: mt76: mt7996: use hweight16 to get correct tx antenna FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries wi

CVE-2024-47673 [MEDIUM] wifi: iwlwifi: mvm: pause TCM when the firmware is stopped wifi: iwlwifi: mvm: pause TCM when the firmware is stopped FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which t