MSRC CBL2 Kernel 5.15.158.2-1 on CBL Mariner 2.0 vulnerabilities

16 known vulnerabilities affecting msrc/cbl2_kernel_5.15.158.2-1_on_cbl_mariner_2.0.

Total CVEs: 16
CISA KEV: 1 (actively exploited)
Public exploits: 0
Exploited in wild: 1
Severity breakdown: HIGH 4, MEDIUM 12

Vulnerabilities

CVE-2024-36971 | HIGH | CVSS 7.8 | KEV | 2024-06-11
[CWE-416] net: fix __dst_negative_advice() race
FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is
msrc
CVE-2022-48670 | HIGH | CVSS 7.8 | 2024-05-14
[CWE-416] peci: cpu: Fix use-after-free in adev_release()
msrc
CVE-2023-52827 | HIGH | CVSS 7.1 | 2024-05-14
[CWE-125] wifi: ath12k: fix possible out-of-bound read in ath12k_htt_pull_ppdu_stats()
msrc
CVE-2024-26952 | HIGH | CVSS 7.8 | 2024-05-14
[CWE-120] ksmbd: fix potencial out-of-bounds when buffer offset is invalid
msrc
CVE-2024-36023 | MEDIUM | CVSS 5.5 | 2024-05-14
[CWE-476] Julia Lawall reported this null pointer dereference, this should fix it.
msrc
CVE-2024-36938 | MEDIUM | CVSS 5.5 | 2024-05-14
[CWE-476] bpf skmsg: Fix NULL pointer dereference in sk_psock_skb_ingress_enqueue
msrc
CVE-2024-36897 | MEDIUM | CVSS 5.5 | 2024-05-14
[CWE-476] drm/amd/display: Atom Integrated System Info v2_2 for DCN35
msrc
CVE-2024-26949 | MEDIUM | CVSS 5.5 | 2024-05-14
[CWE-476] drm/amdgpu/pm: Fix NULL pointer dereference when get power limit
msrc
CVE-2024-36902 | MEDIUM | CVSS 5.5 | 2024-05-14
[CWE-476] ipv6: fib6_rules: avoid possible NULL dereference in fib6_rule_action()
msrc
CVE-2024-26902 | MEDIUM | CVSS 5.5 | 2024-04-09
[CWE-476] perf: RISCV: Fix panic on pmu overflow handler
msrc
CVE-2024-26585 | MEDIUM | CVSS 4.7 | 2024-02-13
[CWE-362] tls: fix race between tx work scheduling and socket close
msrc
CVE-2024-25739 | MEDIUM | CVSS 5.5 | 2024-02-13
[CWE-754] create_empty_lvol in drivers/mtd/ubi/vtbl.c in the Linux kernel through 6.7.4 can attempt to allocate zero bytes and crash because of a missing check for ubi->leb_size.
msrc
CVE-2024-26584 | MEDIUM | CVSS 5.5 | 2024-02-13
[CWE-755] net: tls: handle backlogging of crypto requests
msrc
CVE-2024-26583 | MEDIUM | CVSS 4.7 | 2024-02-13
[CWE-362] tls: fix race between async notify and socket close
msrc
CVE-2023-47233 | MEDIUM | CVSS 4.3 | 2023-11-14
[CWE-416] The brcm80211 component in the Linux kernel through 6.5.10 has a brcmf_cfg80211_detach use-after-free in the device unplugging (disconnect the USB by hotplug) code. For physically proximate attackers with local access this "could be exploited in a real world scenario
msrc
CVE-2022-38096 | MEDIUM | CVSS 5.5 | 2022-09-13
[CWE-476] There is a NULL pointer vulnerability in vmwgfx driver
msrc