Msrc Cbl2 Kernel 5.15.162.2-1 On Cbl Mariner 2.0 vulnerabilities

CVE-2024-42237 [MEDIUM] CWE-834 firmware: cs_dsp: Validate payload length before processing block firmware: cs_dsp: Validate payload length before processing block FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source

CVE-2024-42244 [MEDIUM] USB: serial: mos7840: fix crash on resume USB: serial: mos7840: fix crash on resume FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft i

CVE-2024-42247 [MEDIUM] CWE-770 wireguard: allowedips: avoid unaligned 64-bit memory accesses wireguard: allowedips: avoid unaligned 64-bit memory accesses FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source librarie

CVE-2024-42236 [MEDIUM] CWE-787 usb: gadget: configfs: Prevent OOB read/write in usb_string_copy() usb: gadget: configfs: Prevent OOB read/write in usb_string_copy() FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open sourc

CVE-2024-42232 [MEDIUM] CWE-416 libceph: fix race between delayed_work() and ceph_monc_stop() libceph: fix race between delayed_work() and ceph_monc_stop() FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source librarie

CVE-2024-39487 [HIGH] CWE-125 bonding: Fix out-of-bounds read in bond_option_arp_ip_targets_set() bonding: Fix out-of-bounds read in bond_option_arp_ip_targets_set() FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open sourc

CVE-2024-39480 [HIGH] CWE-120 kdb: Fix buffer overflow during tab-complete kdb: Fix buffer overflow during tab-complete FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed.

CVE-2024-40902 [HIGH] CWE-120 jfs: xattr: fix buffer overflow for invalid xattr jfs: xattr: fix buffer overflow for invalid xattr FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is

CVE-2024-41073 [HIGH] CWE-415 nvme: avoid double free special payload nvme: avoid double free special payload FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft

CVE-2024-42225 [HIGH] CWE-908 wifi: mt76: replace skb_put with skb_put_zero wifi: mt76: replace skb_put with skb_put_zero FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is compose

CVE-2024-41070 [HIGH] CWE-416 KVM: PPC: Book3S HV: Prevent UAF in kvm_spapr_tce_attach_iommu_group() KVM: PPC: Book3S HV: Prevent UAF in kvm_spapr_tce_attach_iommu_group() FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open

CVE-2024-39495 [HIGH] CWE-416 greybus: Fix use-after-free bug in gb_interface_release due to race condition. greybus: Fix use-after-free bug in gb_interface_release due to race condition. FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure vers

CVE-2024-39483 [MEDIUM] KVM: SVM: WARN on vNMI + NMI window iff NMIs are outright masked KVM: SVM: WARN on vNMI + NMI window iff NMIs are outright masked FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries

CVE-2024-42153 [MEDIUM] CWE-667 i2c: pnx: Fix potential deadlock warning from del_timer_sync() call in isr i2c: pnx: Fix potential deadlock warning from del_timer_sync() call in isr FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions o

CVE-2024-42229 [MEDIUM] crypto: aeadcipher - zeroize key buffer after use crypto: aeadcipher - zeroize key buffer after use FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is compo

CVE-2022-48841 [MEDIUM] CWE-476 ice: fix NULL pointer dereference in ice_update_vsi_tx_ring_stats() ice: fix NULL pointer dereference in ice_update_vsi_tx_ring_stats() FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open sou

CVE-2024-39473 [MEDIUM] CWE-476 ASoC: SOF: ipc4-topology: Fix input format query of process modules without base extension ASoC: SOF: ipc4-topology: Fix input format query of process modules without base extension FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most r

CVE-2024-42154 [MEDIUM] CWE-754 tcp_metrics: validate source addr length tcp_metrics: validate source addr length FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Micro

CVE-2024-42083 [MEDIUM] CWE-476 ionic: fix kernel panic due to multi-buffer handling ionic: fix kernel panic due to multi-buffer handling FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the d

CVE-2024-42078 [MEDIUM] CWE-665 nfsd: initialise nfsd_info.mutex early. nfsd: initialise nfsd_info.mutex early. FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microso