Msrc Cbl2 Grub2 2.06-15 On Cbl Mariner 2.0 vulnerabilities

27 known vulnerabilities affecting msrc/cbl2_grub2_2.06-15_on_cbl_mariner_2.0.

Total CVEs: 27
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: MEDIUM 27

Vulnerabilities

Page 1 of 2
CVE-2025-61661 MEDIUM CVSS 4.8 2025-11-11
CVE-2025-61661 [MEDIUM] CWE-131 Grub2: grub2: out-of-bounds write via malicious usb device
Mariner: Mariner redhat: redhat Customer Action Required: Yes Remediation: CBL-Mariner Releases Reference: https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
msrc
CVE-2025-61662 MEDIUM CVSS 4.9 2025-11-11
CVE-2025-61662 [HIGH] CWE-416 Grub2: missing unregister call for gettext command may lead to use-after-free
Mariner: Mariner redhat: redhat Customer Action Required: Yes Remediation: CBL-Mariner Releases Reference: https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
msrc
CVE-2025-54771 MEDIUM CVSS 4.9 2025-11-11
CVE-2025-54771 [MEDIUM] CWE-825 Grub2: use-after-free in grub_file_close()
Mariner: Mariner redhat: redhat Customer Action Required: Yes
msrc
CVE-2025-61664 MEDIUM CVSS 4.9 2025-11-11
CVE-2025-61664 [MEDIUM] CWE-825 Grub2: missing unregister call for normal_exit command may lead to use-after-free
Mariner: Mariner redhat: redhat Customer Action Required: Yes Remediation: CBL-Mariner Releases Reference: https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
msrc
CVE-2025-54770 MEDIUM CVSS 4.9 2025-11-11
CVE-2025-54770 [MEDIUM] CWE-825 Grub2: use-after-free in net_set_vlan
Mariner: Mariner redhat: redhat Customer Action Required: Yes
msrc
CVE-2025-61663 MEDIUM CVSS 4.9 2025-11-11
CVE-2025-61663 [MEDIUM] CWE-825 Grub2: missing unregister call for normal commands may lead to use-after-free
Mariner: Mariner redhat: redhat Customer Action Required: Yes Remediation: CBL-Mariner Releases Reference: https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
msrc
CVE-2025-0678 MEDIUM CVSS 6.4 2025-03-11
CVE-2025-0678 [HIGH] CWE-190 Grub2: squash4: integer overflow may lead to heap based out-of-bounds write when reading data
FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the mos
msrc
CVE-2024-45782 MEDIUM CVSS 6.7 2025-03-11
CVE-2024-45782 [HIGH] CWE-787 Grub2: fs/hfs: strcpy() using the volume name (fs/hfs.c:382)
FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries wi
msrc
CVE-2025-0686 MEDIUM CVSS 6.4 2025-03-11
CVE-2025-0686 [MEDIUM] CWE-787 Grub2: romfs: integer overflow when handling symlinks may lead to heap based out-of-bounds write when reading dat
FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the com
msrc
CVE-2024-45780 MEDIUM CVSS 6.7 2025-03-11
CVE-2024-45780 [MEDIUM] CWE-787 Grub2: fs/tar: integer overflow causes heap oob write
FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the
msrc
CVE-2024-45779 MEDIUM CVSS 4.1 2025-03-11
CVE-2024-45779 [MEDIUM] CWE-190 Grub2: fs/bfs: integer overflow leads to heap oob read in the bfs parser
FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of th
msrc
CVE-2025-1125 MEDIUM CVSS 6.4 2025-03-11
CVE-2025-1125 [HIGH] CWE-787 Grub2: fs/hfs: integer overflow may lead to heap based out-of-bounds write
FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of t
msrc
CVE-2025-0685 MEDIUM CVSS 6.4 2025-03-11
CVE-2025-0685 [MEDIUM] CWE-787 Grub2: jfs: integer overflow when handling symlinks may lead to heap based out-of-bounds write when reading data
FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commi
msrc
CVE-2025-0689 MEDIUM CVSS 6.4 2025-03-11
CVE-2025-0689 [HIGH] CWE-120 Grub2: udf: heap based buffer overflow in grub_udf_read_block() may lead to arbitrary code execution
FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to dat
msrc
CVE-2025-0684 MEDIUM CVSS 6.4 2025-03-11
CVE-2025-0684 [MEDIUM] CWE-787 Grub2: reiserfs: integer overflow when handling symlinks may lead to heap based out-of-bounds write when reading data
FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is
msrc
CVE-2024-45778 MEDIUM CVSS 4.1 2025-03-11
CVE-2024-45778 [MEDIUM] CWE-190 Grub2: fs/bfs: integer overflow in the bfs parser.
FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distr
msrc
CVE-2024-45777 MEDIUM CVSS 6.7 2025-02-11
CVE-2024-45777 [MEDIUM] CWE-787 Grub2: grub-core/gettext: integer overflow leads to heap oob write.
FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open sou
msrc
CVE-2024-45781 MEDIUM CVSS 6.7 2025-02-11
CVE-2024-45781 [MEDIUM] CWE-787 Grub2: fs/ufs: oob write in the heap
FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is
msrc
CVE-2025-1118 MEDIUM CVSS 4.4 2025-02-11
CVE-2025-1118 [MEDIUM] CWE-501 Grub2: commands/dump: the dump command is not in lockdown when secure boot is enabled
FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and m
msrc
CVE-2024-45774 MEDIUM CVSS 6.7 2025-02-11
CVE-2024-45774 [MEDIUM] CWE-787 Grub2: reader/jpeg: heap oob write during jpeg parsing
FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which t
msrc