Msrc Cbl2 Kernel 5.15.137.1-1 On Cbl Mariner 2.0 vulnerabilities

CVE-2023-1192 [MEDIUM] CWE-416 Use-after-free in smb2_is_status_io_timeout() Use-after-free in smb2_is_status_io_timeout() FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is compos

CVE-2023-39191 [HIGH] CWE-20 Kernel: ebpf: insufficient stack type checks in dynptr Kernel: ebpf: insufficient stack type checks in dynptr FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the

CVE-2023-5717 [HIGH] CWE-787 Out-of-bounds write in Linux kernel's Linux Kernel Performance Events (perf) component Out-of-bounds write in Linux kernel's Linux Kernel Performance Events (perf) component FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and m

CVE-2023-46813 [HIGH] An issue was discovered in the Linux kernel before 6.5.9 exploitable by local users with userspace access to MMIO registers. Incorrect access checking in the #VC handler and instruction emulation of t An issue was discovered in the Linux kernel before 6.5.9 exploitable by local users with userspace access to MMIO registers. Incorrect access checking in the #VC handler and instruction emulation of the SEV-ES emulation of MMIO accesses could lead to arbitrary write access to

CVE-2023-42752 [MEDIUM] CWE-190 Kernel: integer overflow in igmpv3_newpack leading to exploitable memory access Kernel: integer overflow in igmpv3_newpack leading to exploitable memory access FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure

CVE-2023-2430 [MEDIUM] CWE-667 A vulnerability was found due to missing lock for IOPOLL flaw in io_cqring_event_overflow() in io_uring.c in Linux Kernel. This flaw allows a local attacker with user privilege to trigger a Denial of A vulnerability was found due to missing lock for IOPOLL flaw in io_cqring_event_overflow() in io_uring.c in Linux Kernel. This flaw allows a local attacker with user privilege to trigger a Denial of Service threat. FAQ: Is Azure Linux the only Microsoft product that

CVE-2023-3338 [MEDIUM] CWE-476 Crash due to a null pointer dereference in the dn_nsp_send function Crash due to a null pointer dereference in the dn_nsp_send function FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open sour