Msrc Cbl2 Hyperv-Daemons 5.15.118.1-1 On Cbl Mariner 2.0 vulnerabilities

CVE-2023-3359 [MEDIUM] CWE-476 An issue was discovered in the Linux kernel brcm_nvram_parse in drivers/nvmem/brcm_nvram.c. Lacks for the check of the return value of kzalloc() can cause the NULL Pointer Dereference. An issue was discovered in the Linux kernel brcm_nvram_parse in drivers/nvmem/brcm_nvram.c. Lacks for the check of the return value of kzalloc() can cause the NULL Pointer Dereference. FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is there

CVE-2023-21102 [HIGH] CWE-754 In __efi_rt_asm_wrapper of efi-rt-wrapper.S there is a possible bypass of shadow stack protection due to a logic error in the code. This could lead to local escalation of privilege with no additional In __efi_rt_asm_wrapper of efi-rt-wrapper.S there is a possible bypass of shadow stack protection due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for explo

CVE-2023-1989 [HIGH] CWE-416 A use-after-free flaw was found in btsdio_remove in drivers\bluetooth\btsdio.c in the Linux Kernel. In this flaw a call to btsdio_remove with an unfinished job may cause a race problem leading to a UA A use-after-free flaw was found in btsdio_remove in drivers\bluetooth\btsdio.c in the Linux Kernel. In this flaw a call to btsdio_remove with an unfinished job may cause a race problem leading to a UAF on hdev devices. FAQ: Is Azure Linux the only Microsoft product tha

CVE-2023-1998 [MEDIUM] CWE-203 Spectre v2 SMT mitigations problem in Linux kernel Spectre v2 SMT mitigations problem in Linux kernel FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro

CVE-2023-25012 [MEDIUM] CWE-416 The Linux kernel through 6.1.9 has a Use-After-Free in bigben_remove in drivers/hid/hid-bigbenff.c via a crafted USB device because the LED controllers remain registered for too long. The Linux kernel through 6.1.9 has a Use-After-Free in bigben_remove in drivers/hid/hid-bigbenff.c via a crafted USB device because the LED controllers remain registered for too long. FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is theref