Msrc Cbl2 Kernel 5.15.116.1-1 On Cbl Mariner 2.0 vulnerabilities

4 known vulnerabilities affecting msrc/cbl2_kernel_5.15.116.1-1_on_cbl_mariner_2.0.

Total CVEs: 4
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: HIGH 1, MEDIUM 3

Vulnerabilities

CVE-2023-2598 | HIGH | CVSS 7.8 | 2023-06-13
CVE-2023-2598 [HIGH] CWE-787 A flaw was found in the fixed buffer registration code for io_uring (io_sqe_buffer_register in io_uring/rsrc.c) in the Linux kernel that allows out-of-bounds access to physical memory beyond the end of the buffer. This flaw enables full local privilege escalation. FAQ:
msrc
CVE-2023-2985 | MEDIUM | CVSS 5.5 | 2023-06-13
CVE-2023-2985 [MEDIUM] CWE-416 A use after free flaw was found in hfsplus_put_super in fs/hfsplus/super.c in the Linux Kernel. This flaw could allow a local user to cause a denial of service problem. FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by thi
msrc
CVE-2023-0459 | MEDIUM | CVSS 5.5 | 2023-05-09
CVE-2023-0459 [MEDIUM] CWE-763 Copy_from_user Spectre-V1 Gadget in Linux Kernel FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is
msrc
CVE-2023-34256 | MEDIUM | CVSS 5.5 | 2023-05-09
CVE-2023-34256 [MEDIUM] CWE-125 An issue was discovered in the Linux kernel before 6.3.3. There is an out-of-bounds read in crc16 in lib/crc16.c when called from fs/ext4/super.c because ext4_group_desc_csum does not properly check an offset. NOTE: this is disputed by third parties because the kerne
msrc