Msrc Cbl2 Kernel 5.15.176.3-3 On Cbl Mariner 2.0 vulnerabilities

CVE-2025-22056 [HIGH] CWE-787 netfilter: nft_tunnel: fix geneve_opt type confusion addition netfilter: nft_tunnel: fix geneve_opt type confusion addition FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries

CVE-2025-22097 [HIGH] drm/vkms: Fix use after free and double free on init error drm/vkms: Fix use after free and double free on init error FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the

CVE-2025-21934 [HIGH] CWE-416 rapidio: fix an API misues when rio_add_net() fails rapidio: fix an API misues when rio_add_net() fails FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distr

CVE-2025-21968 [HIGH] CWE-416 drm/amd/display: Fix slab-use-after-free on hdcp_work drm/amd/display: Fix slab-use-after-free on hdcp_work FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the d

CVE-2025-22035 [HIGH] CWE-416 tracing: Fix use-after-free in print_graph_function_flags during tracer switching tracing: Fix use-after-free in print_graph_function_flags during tracer switching FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secur

CVE-2025-21920 [HIGH] CWE-125 vlan: enforce underlying device type vlan: enforce underlying device type FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is co

CVE-2025-39735 [HIGH] CWE-125 jfs: fix slab-out-of-bounds read in ea_get() jfs: fix slab-out-of-bounds read in ea_get() FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed.

CVE-2025-21928 [HIGH] HID: intel-ish-hid: Fix use-after-free issue in ishtp_hid_remove() HID: intel-ish-hid: Fix use-after-free issue in ishtp_hid_remove() FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source librarie

CVE-2025-37785 [HIGH] CWE-125 ext4: fix OOB read when checking dotdot dir ext4: fix OOB read when checking dotdot dir FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. M

CVE-2025-21919 [HIGH] CWE-787 sched/fair: Fix potential memory corruption in child_cfs_rq_on_list sched/fair: Fix potential memory corruption in child_cfs_rq_on_list FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open sourc

CVE-2025-21951 [MEDIUM] CWE-667 bus: mhi: host: pci_generic: Use pci_try_reset_function() to avoid deadlock bus: mhi: host: pci_generic: Use pci_try_reset_function() to avoid deadlock FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions

CVE-2025-38152 [MEDIUM] CWE-476 remoteproc: core: Clear table_sz when rproc_shutdown remoteproc: core: Clear table_sz when rproc_shutdown FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the d

CVE-2025-21922 [MEDIUM] ppp: Fix KMSAN uninit-value warning with bpf ppp: Fix KMSAN uninit-value warning with bpf FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Micro

CVE-2025-22054 [MEDIUM] CWE-476 arcnet: Add NULL check in com20020pci_probe() arcnet: Add NULL check in com20020pci_probe() FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is compo

CVE-2025-21917 [MEDIUM] CWE-476 usb: renesas_usbhs: Flush the notify_hotplug_work usb: renesas_usbhs: Flush the notify_hotplug_work FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro

CVE-2025-39728 [MEDIUM] clk: samsung: Fix UBSAN panic in samsung_clk_init() clk: samsung: Fix UBSAN panic in samsung_clk_init() FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is c

CVE-2025-21957 [MEDIUM] CWE-476 scsi: qla1280: Fix kernel oops when debug level > 2 scsi: qla1280: Fix kernel oops when debug level > 2 FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the dis

CVE-2025-23136 [MEDIUM] thermal: int340x: Add NULL check for adev thermal: int340x: Add NULL check for adev FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft i

CVE-2025-21898 [MEDIUM] CWE-369 ftrace: Avoid potential division by zero in function_stat_show() ftrace: Avoid potential division by zero in function_stat_show() FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source li

CVE-2025-21948 [MEDIUM] CWE-476 HID: appleir: Fix potential NULL dereference at raw event handle HID: appleir: Fix potential NULL dereference at raw event handle FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source li