Msrc Cbl2 Kernel 5.15.126.1-1 On Cbl Mariner 2.0 vulnerabilities
18 known vulnerabilities affecting msrc/cbl2_kernel_5.15.126.1-1_on_cbl_mariner_2.0.
Total CVEs: 18
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: HIGH 11, MEDIUM 7
Vulnerabilities
CVE-2023-4147 | HIGH | CVSS 7.8 | 2023-08-08
CVE-2023-4147 [HIGH] CWE-416 Kernel: netfilter: nf_tables_newrule when adding a rule with nfta_rule_chain_id leads to use-after-free
FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?
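One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed.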
msrc
CVE-2023-4389 | HIGH | CVSS 7.1 | 2023-08-08
CVE-2023-4389 [HIGH] CWE-415 Kernel: btrfs: double free in btrfs_get_root_ref()
msrc
CVE-2023-40283 | HIGH | CVSS 7.8 | 2023-08-08
CVE-2023-40283 [HIGH] CWE-416 An issue was discovered in l2cap_sock_release in net/bluetooth/l2cap_sock.c in the Linux kernel before 6.4.10. There is a use-after-free because the children of an sk are mishandled.
msrc
CVE-2023-4387 | HIGH | CVSS 7.1 | 2023-08-08
CVE-2023-4387 [HIGH] CWE-416 Kernel: vmxnet3: use-after-free in vmxnet3_rq_alloc_rx_buf()
msrc
CVE-2023-4132 | MEDIUM | CVSS 5.5 | 2023-08-08
CVE-2023-4132 [MEDIUM] CWE-416 Kernel: smsusb: use-after-free caused by do_submit_urb()
msrc
CVE-2023-4459 | MEDIUM | CVSS 5.5 | 2023-08-08
CVE-2023-4459 [MEDIUM] CWE-476 Kernel: vmxnet3: null pointer dereference in vmxnet3_rq_cleanup()
msrc
CVE-2023-4194 | MEDIUM | CVSS 5.5 | 2023-08-08
CVE-2023-4194 [MEDIUM] CWE-863 Kernel: tap: tap_open(): correctly initialize socket uid next fix of i_uid to current_fsuid
msrc
CVE-2023-4385 | MEDIUM | CVSS 5.5 | 2023-08-08
CVE-2023-4385 [MEDIUM] CWE-476 Kernel: jfs: null pointer dereference in dbfree()
msrc
CVE-2023-3812 | HIGH | CVSS 7.8 | 2023-07-11
CVE-2023-3812 [HIGH] CWE-787 Kernel: tun: bugs for oversize packet when napi frags enabled in tun_napi_alloc_frags
msrc
CVE-2023-3567 | HIGH | CVSS 7.1 | 2023-07-11
CVE-2023-3567 [HIGH] CWE-416 Kernel: use after free in vcs_read in drivers/tty/vt/vc_screen.c due to race
msrc
CVE-2023-32248 | HIGH | CVSS 7.5 | 2023-07-11
CVE-2023-32248 [HIGH] CWE-476 Tree connection null pointer dereference denial-of-service vulnerability
msrc
CVE-2023-32247 | HIGH | CVSS 7.5 | 2023-07-11
CVE-2023-32247 [HIGH] CWE-401 Session setup memory exhaustion denial-of-service vulnerability
msrc
CVE-2023-4004 | HIGH | CVSS 7.8 | 2023-07-11
CVE-2023-4004 [HIGH] CWE-416 Kernel: netfilter: use-after-free due to improper element removal in nft_pipapo_remove()
msrc
CVE-2023-2860 | MEDIUM | CVSS 4.4 | 2023-07-11
CVE-2023-2860 [MEDIUM] CWE-125 Out-of-bounds read when setting hmac data
msrc
CVE-2023-3439 | MEDIUM | CVSS 4.7 | 2023-06-13
CVE-2023-3439 [MEDIUM] CWE-416 A flaw was found in the MCTP protocol in the Linux kernel. The function mctp_unregister() reclaims the device's relevant resource when a netcard detaches. However a running routine may be unaware of this and cause the use-after-free of the mdev->addrs object potential
msrc
CVE-2023-1206 | MEDIUM | CVSS 5.7 | 2023-06-13
CVE-2023-1206 [MEDIUM] CWE-400 A hash collision flaw was found in the IPv6 connection lookup table in the Linux kernel’s IPv6 functionality when a user makes a new kind of SYN flood attack. A user located in the local network or with a high bandwidth connection can increase the CPU usage of the ser
msrc
CVE-2023-2007 | HIGH | CVSS 7.8 | 2023-04-11
CVE-2023-2007 [HIGH] CWE-667 The specific flaw exists within the DPT I2O Controller driver. The issue results from the lack of proper locking when performing operations on an object. An attacker can leverage this in conjunction with other vulnerabilities to escalate privileges and execute arbitrary
msrc
CVE-2022-0850 | HIGH | CVSS 7.1 | 2022-08-09
CVE-2022-0850 [HIGH] CWE-200 A vulnerability was found in linux kernel where an information leak occurs via ext4_extent_header to userspace.
msrc