Msrc Cbl2 Kernel 5.15.160.1-1 On Cbl Mariner 2.0 vulnerabilities

CVE-2024-39480 [HIGH] CWE-120 kdb: Fix buffer overflow during tab-complete kdb: Fix buffer overflow during tab-complete FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed.

CVE-2024-40902 [HIGH] CWE-120 jfs: xattr: fix buffer overflow for invalid xattr jfs: xattr: fix buffer overflow for invalid xattr FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is

CVE-2024-39495 [HIGH] CWE-416 greybus: Fix use-after-free bug in gb_interface_release due to race condition. greybus: Fix use-after-free bug in gb_interface_release due to race condition. FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure vers

CVE-2024-39489 [MEDIUM] CWE-401 ipv6: sr: fix memleak in seg6_hmac_init_algo ipv6: sr: fix memleak in seg6_hmac_init_algo FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is compose

CVE-2024-39476 [MEDIUM] CWE-667 md/raid5: fix deadlock that raid5d() wait for itself to clear MD_SB_CHANGE_PENDING md/raid5: fix deadlock that raid5d() wait for itself to clear MD_SB_CHANGE_PENDING FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most s

CVE-2024-42076 [MEDIUM] CWE-908 net: can: j1939: Initialize unused data in j1939_send_one() net: can: j1939: Initialize unused data in j1939_send_one() FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries wi

CVE-2024-42068 [MEDIUM] CWE-252 bpf: Take return from set_memory_ro() into account with bpf_prog_lock_ro() bpf: Take return from set_memory_ro() into account with bpf_prog_lock_ro() FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions o

CVE-2024-39493 [MEDIUM] CWE-401 crypto: qat - Fix ADF_DEV_RESET_SYNC memory leak crypto: qat - Fix ADF_DEV_RESET_SYNC memory leak FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is

CVE-2024-42082 [MEDIUM] CWE-770 xdp: Remove WARN() from __xdp_reg_mem_model() xdp: Remove WARN() from __xdp_reg_mem_model() FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is compo

CVE-2024-42080 [MEDIUM] CWE-787 RDMA/restrack: Fix potential invalid address access RDMA/restrack: Fix potential invalid address access FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the dis

CVE-2024-39482 [MEDIUM] CWE-770 bcache: fix variable length array abuse in btree_iter bcache: fix variable length array abuse in btree_iter FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the

CVE-2024-39475 [MEDIUM] CWE-369 fbdev: savage: Handle err return when savagefb_check_var failed fbdev: savage: Handle err return when savagefb_check_var failed FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libr

CVE-2024-39484 [MEDIUM] CWE-770 mmc: davinci: Don't strip remove function when driver is builtin mmc: davinci: Don't strip remove function when driver is builtin FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source li

CVE-2024-42077 [MEDIUM] ocfs2: fix DIO failure due to insufficient transaction credits ocfs2: fix DIO failure due to insufficient transaction credits FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with

CVE-2024-42070 [MEDIUM] CWE-401 netfilter: nf_tables: fully validate NFT_DATA_VALUE on store to data registers netfilter: nf_tables: fully validate NFT_DATA_VALUE on store to data registers FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure ve

CVE-2024-36477 [HIGH] CWE-125 tpm_tis_spi: Account for SPI header when allocating TPM SPI xfer buffer tpm_tis_spi: Account for SPI header when allocating TPM SPI xfer buffer FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the op

CVE-2024-38664 [HIGH] CWE-667 drm: zynqmp_dpsub: Always register bridge drm: zynqmp_dpsub: Always register bridge FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Micro

CVE-2024-39291 [HIGH] CWE-120 drm/amdgpu: Fix buffer size in gfx_v9_4_3_init_ cp_compute_microcode() and rlc_microcode() drm/amdgpu: Fix buffer size in gfx_v9_4_3_init_ cp_compute_microcode() and rlc_microcode() FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most rec

CVE-2024-39277 [HIGH] CWE-125 dma-mapping: benchmark: handle NUMA_NO_NODE correctly dma-mapping: benchmark: handle NUMA_NO_NODE correctly FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the d

CVE-2024-38583 [HIGH] CWE-416 nilfs2: fix use-after-free of timer for log writer thread nilfs2: fix use-after-free of timer for log writer thread FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with whi