Msrc Cbl2 Kernel 5.15.148.2-2 On Cbl Mariner 2.0 vulnerabilities

CVE-2023-52434 [HIGH] CWE-119 smb: client: fix potential OOBs in smb2_parse_contexts() smb: client: fix potential OOBs in smb2_parse_contexts() FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which

CVE-2023-52435 [MEDIUM] CWE-119 net: prevent mss overflow in skb_segment() net: prevent mss overflow in skb_segment() FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. M

CVE-2023-52429 [MEDIUM] CWE-754 dm_table_create in drivers/md/dm-table.c in the Linux kernel through 6.7.4 can attempt to (in alloc_targets) allocate more than INT_MAX bytes and crash because of a missing check for struct dm_ioctl.t dm_table_create in drivers/md/dm-table.c in the Linux kernel through 6.7.4 can attempt to (in alloc_targets) allocate more than INT_MAX bytes and crash because of a missing check for struct dm_ioctl.target_count. FAQ: Is Azure Linux the only Microsoft product that i

CVE-2024-1312 [MEDIUM] CWE-416 Kernel: race condition leads to use after free during vma lock in lock_vma_under_rcu Kernel: race condition leads to use after free during vma lock in lock_vma_under_rcu FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and mos

CVE-2023-6531 [HIGH] CWE-362 Kernel: gc's deletion of an skb races with unix_stream_read_generic() leading to uaf Kernel: gc's deletion of an skb races with unix_stream_read_generic() leading to uaf FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most

CVE-2024-0565 [MEDIUM] CWE-191 Kernel: cifs filesystem decryption improper input validation remote code execution vulnerability in function receive_encrypted_standard of client Kernel: cifs filesystem decryption improper input validation remote code execution vulnerability in function receive_encrypted_standard of client FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to o

CVE-2023-6915 [MEDIUM] CWE-476 Kernel: null pointer dereference vulnerability in ida_free in lib/idr.c Kernel: null pointer dereference vulnerability in ida_free in lib/idr.c FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the o

CVE-2018-20169 [MEDIUM] CWE-400 An issue was discovered in the Linux kernel before 4.19.9. The USB subsystem mishandles size checks during the reading of an extra descriptor related to __usb_get_extra_descriptor in drivers/usb/core/ An issue was discovered in the Linux kernel before 4.19.9. The USB subsystem mishandles size checks during the reading of an extra descriptor related to __usb_get_extra_descriptor in drivers/usb/core/usb.c. FAQ: Is Azure Linux the only Microsoft product that include