Msrc Cbl2 Kernel 5.15.102.1-3 On Cbl Mariner 2.0 vulnerabilities

CVE-2022-48424 [HIGH] In the Linux kernel before 6.1.3 fs/ntfs3/inode.c does not validate the attribute name offset. An unhandled page fault may occur. In the Linux kernel before 6.1.3 fs/ntfs3/inode.c does not validate the attribute name offset. An unhandled page fault may occur. FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure

CVE-2023-1281 [HIGH] CWE-416 UAF in Linux kernel's tcindex (traffic control index filter) implementation UAF in Linux kernel's tcindex (traffic control index filter) implementation FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of

CVE-2022-48423 [HIGH] CWE-787 In the Linux kernel before 6.1.3 fs/ntfs3/record.c does not validate resident attribute names. An out-of-bounds write may occur. In the Linux kernel before 6.1.3 fs/ntfs3/record.c does not validate resident attribute names. An out-of-bounds write may occur. FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the

CVE-2023-1079 [MEDIUM] CWE-416 A flaw was found in the Linux kernel. A use-after-free may be triggered in asus_kbd_backlight_set when plugging/disconnecting in a malicious USB device which advertises itself as an Asus device. Simil A flaw was found in the Linux kernel. A use-after-free may be triggered in asus_kbd_backlight_set when plugging/disconnecting in a malicious USB device which advertises itself as an Asus device. Similarly to the previous known CVE-2023-25012 but in asus devices the wo

CVE-2023-1513 [LOW] CWE-665 A flaw was found in KVM. When calling the KVM_GET_DEBUGREGS ioctl on 32-bit systems there might be some uninitialized portions of the kvm_debugregs structure that could be copied to userspace causing A flaw was found in KVM. When calling the KVM_GET_DEBUGREGS ioctl on 32-bit systems there might be some uninitialized portions of the kvm_debugregs structure that could be copied to userspace causing an information leak. FAQ: Is Azure Linux the only Microsoft product th