Msrc Cbl2 Kernel 5.15.179.1-1 On Cbl Mariner 2.0 vulnerabilities

CVE-2025-21858 [HIGH] geneve: Fix use-after-free in geneve_find_dev(). geneve: Fix use-after-free in geneve_find_dev(). FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed.

CVE-2025-21859 [MEDIUM] CWE-667 USB: gadget: f_midi: f_midi_complete to call queue_work USB: gadget: f_midi: f_midi_complete to call queue_work FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which

CVE-2025-21848 [MEDIUM] CWE-476 nfp: bpf: Add check for nfp_app_ctrl_msg_alloc() nfp: bpf: Add check for nfp_app_ctrl_msg_alloc() FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is

CVE-2025-21862 [MEDIUM] CWE-908 drop_monitor: fix incorrect initialization order drop_monitor: fix incorrect initialization order FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is

CVE-2025-21846 [MEDIUM] CWE-476 acct: perform last write from workqueue acct: perform last write from workqueue FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microso

CVE-2025-21791 [HIGH] vrf: use RCU protection in l3mdev_l3_out() vrf: use RCU protection in l3mdev_l3_out() FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft i

CVE-2024-58002 [HIGH] media: uvcvideo: Remove dangling pointers media: uvcvideo: Remove dangling pointers FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is

CVE-2024-57980 [HIGH] media: uvcvideo: Fix double free in error path media: uvcvideo: Fix double free in error path FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Mic

CVE-2025-21718 [HIGH] CWE-362 net: rose: fix timer races against user threads net: rose: fix timer races against user threads FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is com

CVE-2025-21744 [MEDIUM] wifi: brcmfmac: fix NULL pointer dereference in brcmf_txfinalize() wifi: brcmfmac: fix NULL pointer dereference in brcmf_txfinalize() FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source librar

CVE-2025-21787 [MEDIUM] team: better TEAM_OPTION_TYPE_STRING validation team: better TEAM_OPTION_TYPE_STRING validation FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed.

CVE-2024-57981 [MEDIUM] CWE-476 usb: xhci: Fix NULL pointer dereference on certain command aborts usb: xhci: Fix NULL pointer dereference on certain command aborts FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source

CVE-2024-58020 [MEDIUM] CWE-476 HID: multitouch: Add NULL check in mt_input_configured HID: multitouch: Add NULL check in mt_input_configured FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which t

CVE-2025-21776 [MEDIUM] USB: hub: Ignore non-compliant devices with too many configs or interfaces USB: hub: Ignore non-compliant devices with too many configs or interfaces FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the op

CVE-2025-21779 [MEDIUM] KVM: x86: Reject Hyper-V's SEND_IPI hypercalls if local APIC isn't in-kernel KVM: x86: Reject Hyper-V's SEND_IPI hypercalls if local APIC isn't in-kernel FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of th

CVE-2025-21707 [MEDIUM] mptcp: consolidate suboption status mptcp: consolidate suboption status FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed

CVE-2024-57977 [MEDIUM] memcg: fix soft lockup in the OOM process memcg: fix soft lockup in the OOM process FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft i

CVE-2025-21736 [MEDIUM] CWE-190 nilfs2: fix possible int overflows in nilfs_fiemap() nilfs2: fix possible int overflows in nilfs_fiemap() FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the d

CVE-2025-21711 [MEDIUM] CWE-190 net/rose: prevent integer overflows in rose_setsockopt() net/rose: prevent integer overflows in rose_setsockopt() FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with whi

CVE-2024-58010 [MEDIUM] CWE-190 binfmt_flat: Fix integer overflow bug on 32 bit systems binfmt_flat: Fix integer overflow bug on 32 bit systems FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which