Msrc Cbl2 Kernel 5.15.158.1-1 On Cbl Mariner 2.0 vulnerabilities

CVE-2024-26934 [HIGH] CWE-667 USB: core: Fix deadlock in usb_deauthorize_interface() USB: core: Fix deadlock in usb_deauthorize_interface() FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the

CVE-2024-27018 [HIGH] netfilter: br_netfilter: skip conntrack input hook for promisc packets netfilter: br_netfilter: skip conntrack input hook for promisc packets FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source

CVE-2024-27020 [HIGH] CWE-362 netfilter: nf_tables: Fix potential data-race in __nft_expr_type_get() netfilter: nf_tables: Fix potential data-race in __nft_expr_type_get() FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open

CVE-2024-27019 [MEDIUM] CWE-362 netfilter: nf_tables: Fix potential data-race in __nft_obj_type_get() netfilter: nf_tables: Fix potential data-race in __nft_obj_type_get() FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open

CVE-2024-27013 [MEDIUM] CWE-770 tun: limit printing rate when illegal packet received by tun dev tun: limit printing rate when illegal packet received by tun dev FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source li

CVE-2024-27015 [MEDIUM] netfilter: flowtable: incorrect pppoe tuple netfilter: flowtable: incorrect pppoe tuple FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microso

CVE-2024-27014 [MEDIUM] CWE-667 net/mlx5e: Prevent deadlock while disabling aRFS net/mlx5e: Prevent deadlock while disabling aRFS FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is

CVE-2024-35997 [MEDIUM] CWE-667 HID: i2c-hid: remove I2C_HID_READ_PENDING flag to prevent lock-up HID: i2c-hid: remove I2C_HID_READ_PENDING flag to prevent lock-up FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source

CVE-2024-35982 [MEDIUM] CWE-835 batman-adv: Avoid infinite loop trying to resize local TT batman-adv: Avoid infinite loop trying to resize local TT FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with w

CVE-2024-35990 [MEDIUM] CWE-667 dma: xilinx_dpdma: Fix locking dma: xilinx_dpdma: Fix locking FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to

CVE-2024-35984 [MEDIUM] CWE-476 i2c: smbus: fix NULL function pointer dereference i2c: smbus: fix NULL function pointer dereference FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro

CVE-2024-27016 [MEDIUM] netfilter: flowtable: validate pppoe header netfilter: flowtable: validate pppoe header FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microso

CVE-2024-35978 [MEDIUM] CWE-401 Bluetooth: Fix memory leak in hci_req_sync_complete() Bluetooth: Fix memory leak in hci_req_sync_complete() FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the

CVE-2024-35972 [MEDIUM] CWE-401 bnxt_en: Fix possible memory leak in bnxt_rdma_aux_device_init() bnxt_en: Fix possible memory leak in bnxt_rdma_aux_device_init() FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source li

CVE-2024-36008 [MEDIUM] CWE-476 ipv4: check for NULL idev in ip_route_use_hint() ipv4: check for NULL idev in ip_route_use_hint() FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is

CVE-2024-26588 [HIGH] CWE-119 LoongArch: BPF: Prevent out-of-bounds memory access LoongArch: BPF: Prevent out-of-bounds memory access FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distr

CVE-2023-52447 [MEDIUM] CWE-416 bpf: Defer the free of inner map when necessary bpf: Defer the free of inner map when necessary FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is c

CVE-2024-26587 [MEDIUM] CWE-476 net: netdevsim: don't try to destroy PHC on VFs net: netdevsim: don't try to destroy PHC on VFs FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is c

CVE-2024-21803 [LOW] CWE-416 Possible UAF in bt_accept_poll in Linux kernel Possible UAF in bt_accept_poll in Linux kernel FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is compos

CVE-2024-1086 [HIGH] CWE-416 Use-after-free in Linux kernel's netfilter: nf_tables component Use-after-free in Linux kernel's netfilter: nf_tables component FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source librari