Msrc Cbl2 Hvloader 1.0.1-6 On Cbl Mariner 2.0 vulnerabilities

CVE-2024-4741 [HIGH] CWE-416 Use After Free with SSL_free_buffers Use After Free with SSL_free_buffers FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is com

CVE-2024-4603 [MEDIUM] CWE-606 Excessive time spent checking DSA keys and parameters Excessive time spent checking DSA keys and parameters FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the

CVE-2023-6237 [MEDIUM] CWE-606 Excessive time spent checking invalid RSA public keys Excessive time spent checking invalid RSA public keys FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the

CVE-2024-2511 [MEDIUM] CWE-1325 Unbounded memory growth with session handling in TLSv1.3 Unbounded memory growth with session handling in TLSv1.3 FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with whi

CVE-2024-28960 [HIGH] CWE-284 An issue was discovered in Mbed TLS 2.18.0 through 2.28.x before 2.28.8 and 3.x before 3.6.0 and Mbed Crypto. The PSA Crypto API mishandles shared memory. An issue was discovered in Mbed TLS 2.18.0 through 2.28.x before 2.28.8 and 3.x before 3.6.0 and Mbed Crypto. The PSA Crypto API mishandles shared memory. FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the m

CVE-2024-23775 [HIGH] Integer Overflow vulnerability in Mbed TLS 2.x before 2.28.7 and 3.x before 3.5.2 allows attackers to cause a denial of service (DoS) via mbedtls_x509_set_extension(). Integer Overflow vulnerability in Mbed TLS 2.x before 2.28.7 and 3.x before 3.5.2 allows attackers to cause a denial of service (DoS) via mbedtls_x509_set_extension(). FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerabi

CVE-2024-23170 [MEDIUM] CWE-203 An issue was discovered in Mbed TLS 2.x before 2.28.7 and 3.x before 3.5.2. There was a timing side channel in RSA private operations. An issue was discovered in Mbed TLS 2.x before 2.28.7 and 3.x before 3.5.2. There was a timing side channel in RSA private operations. FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choo

CVE-2023-6129 [MEDIUM] CWE-787 POLY1305 MAC implementation corrupts vector registers on PowerPC POLY1305 MAC implementation corrupts vector registers on PowerPC FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source lib

CVE-2023-3446 [MEDIUM] CWE-1333 Excessive time spent checking DH keys and parameters Excessive time spent checking DH keys and parameters FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the d

CVE-2023-2975 [MEDIUM] CWE-354 AES-SIV implementation ignores empty associated data entries AES-SIV implementation ignores empty associated data entries FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries w

CVE-2023-0466 [MEDIUM] CWE-295 Certificate policy check not enabled Certificate policy check not enabled FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is c