Msrc Cbl2 Kernel 5.15.167.1-2 On Cbl Mariner 2.0 vulnerabilities

CVE-2024-50143 [HIGH] udf: fix uninit-value use in udf_get_fileshortad udf: fix uninit-value use in udf_get_fileshortad FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed.

CVE-2024-50230 [HIGH] nilfs2: fix kernel bug due to missing clearing of checked flag nilfs2: fix kernel bug due to missing clearing of checked flag FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with w

CVE-2024-50247 [HIGH] fs/ntfs3: Check if more than chunk-size bytes are written fs/ntfs3: Check if more than chunk-size bytes are written FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the d

CVE-2024-50193 [HIGH] x86/entry_32: Clear CPU buffers after register restore in NMI return x86/entry_32: Clear CPU buffers after register restore in NMI return FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libr

CVE-2024-53057 [HIGH] CWE-416 net/sched: stop qdisc_tree_reduce_backlog on TC_H_ROOT net/sched: stop qdisc_tree_reduce_backlog on TC_H_ROOT FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the

CVE-2024-50268 [HIGH] CWE-125 usb: typec: fix potential out of bounds in ucsi_ccg_update_set_new_cam_cmd() usb: typec: fix potential out of bounds in ucsi_ccg_update_set_new_cam_cmd() FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions

CVE-2024-50127 [HIGH] CWE-416 net: sched: fix use-after-free in taprio_change() net: sched: fix use-after-free in taprio_change() FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is

CVE-2024-53059 [HIGH] wifi: iwlwifi: mvm: Fix response handling in iwl_mvm_send_recovery_cmd() wifi: iwlwifi: mvm: Fix response handling in iwl_mvm_send_recovery_cmd() FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open sou

CVE-2024-50257 [HIGH] CWE-416 netfilter: Fix use-after-free in get_info() netfilter: Fix use-after-free in get_info() FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. M

CVE-2024-50186 [HIGH] CWE-416 net: explicitly clear the sk pointer, when pf->create fails net: explicitly clear the sk pointer, when pf->create fails FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with

CVE-2024-50151 [HIGH] CWE-787 smb: client: fix OOBs when building SMB2_IOCTL request smb: client: fix OOBs when building SMB2_IOCTL request FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the

CVE-2024-50154 [HIGH] CWE-416 tcp/dccp: Don't use timer_pending() in reqsk_queue_unlink(). tcp/dccp: Don't use timer_pending() in reqsk_queue_unlink(). FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries wi

CVE-2024-50262 [HIGH] CWE-787 bpf: Fix out-of-bounds write in trie_get_next_key() bpf: Fix out-of-bounds write in trie_get_next_key() FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distr

CVE-2024-50279 [HIGH] dm cache: fix out-of-bounds access to the dirty bitset when resizing dm cache: fix out-of-bounds access to the dirty bitset when resizing FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libr

CVE-2024-50234 [HIGH] CWE-367 wifi: iwlegacy: Clear stale interrupts before resuming device wifi: iwlegacy: Clear stale interrupts before resuming device FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries

CVE-2024-50282 [HIGH] CWE-120 drm/amdgpu: add missing size check in amdgpu_debugfs_gprwave_read() drm/amdgpu: add missing size check in amdgpu_debugfs_gprwave_read() FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open sourc

CVE-2024-50131 [HIGH] CWE-120 tracing: Consider the NULL character when validating the event length tracing: Consider the NULL character when validating the event length FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open s

CVE-2024-50301 [HIGH] CWE-125 security/keys: fix slab-out-of-bounds in key_task_permission security/keys: fix slab-out-of-bounds in key_task_permission FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries wi

CVE-2024-50180 [HIGH] CWE-787 fbdev: sisfb: Fix strbuf array overflow fbdev: sisfb: Fix strbuf array overflow FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft

CVE-2024-50128 [HIGH] CWE-125 net: wwan: fix global oob in wwan_rtnl_policy net: wwan: fix global oob in wwan_rtnl_policy FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is compose