Msrc Cbl2 Kernel 5.15.180.1-1 On Cbl Mariner 2.0 vulnerabilities

CVE-2025-21999 [HIGH] proc: fix UAF in proc_get_inode() proc: fix UAF in proc_get_inode() FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to tra

CVE-2025-22004 [HIGH] CWE-416 net: atm: fix use after free in lec_send() net: atm: fix use after free in lec_send() FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Mic

CVE-2025-22056 [HIGH] CWE-787 netfilter: nft_tunnel: fix geneve_opt type confusion addition netfilter: nft_tunnel: fix geneve_opt type confusion addition FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries

CVE-2025-22097 [HIGH] drm/vkms: Fix use after free and double free on init error drm/vkms: Fix use after free and double free on init error FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the

CVE-2025-21934 [HIGH] CWE-416 rapidio: fix an API misues when rio_add_net() fails rapidio: fix an API misues when rio_add_net() fails FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distr

CVE-2025-22035 [HIGH] CWE-416 tracing: Fix use-after-free in print_graph_function_flags during tracer switching tracing: Fix use-after-free in print_graph_function_flags during tracer switching FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secur

CVE-2025-21920 [HIGH] CWE-125 vlan: enforce underlying device type vlan: enforce underlying device type FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is co

CVE-2025-21993 [HIGH] CWE-125 iscsi_ibft: Fix UBSAN shift-out-of-bounds warning in ibft_attr_show_nic() iscsi_ibft: Fix UBSAN shift-out-of-bounds warning in ibft_attr_show_nic() FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of th

CVE-2025-37785 [HIGH] CWE-125 ext4: fix OOB read when checking dotdot dir ext4: fix OOB read when checking dotdot dir FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. M

CVE-2025-21991 [HIGH] CWE-129 x86/microcode/AMD: Fix out-of-bounds on systems with CPU-less NUMA nodes x86/microcode/AMD: Fix out-of-bounds on systems with CPU-less NUMA nodes FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the

CVE-2025-21919 [HIGH] CWE-787 sched/fair: Fix potential memory corruption in child_cfs_rq_on_list sched/fair: Fix potential memory corruption in child_cfs_rq_on_list FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open sourc

CVE-2025-21951 [MEDIUM] CWE-667 bus: mhi: host: pci_generic: Use pci_try_reset_function() to avoid deadlock bus: mhi: host: pci_generic: Use pci_try_reset_function() to avoid deadlock FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions

CVE-2025-21922 [MEDIUM] ppp: Fix KMSAN uninit-value warning with bpf ppp: Fix KMSAN uninit-value warning with bpf FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Micro

CVE-2025-21917 [MEDIUM] CWE-476 usb: renesas_usbhs: Flush the notify_hotplug_work usb: renesas_usbhs: Flush the notify_hotplug_work FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro

CVE-2025-22007 [MEDIUM] CWE-476 Bluetooth: Fix error code in chan_alloc_skb_cb() Bluetooth: Fix error code in chan_alloc_skb_cb() FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is

CVE-2025-22010 [MEDIUM] CWE-667 RDMA/hns: Fix soft lockup during bt pages loop RDMA/hns: Fix soft lockup during bt pages loop FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is com

CVE-2025-21957 [MEDIUM] CWE-476 scsi: qla1280: Fix kernel oops when debug level > 2 scsi: qla1280: Fix kernel oops when debug level > 2 FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the dis

CVE-2025-21898 [MEDIUM] CWE-369 ftrace: Avoid potential division by zero in function_stat_show() ftrace: Avoid potential division by zero in function_stat_show() FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source li

CVE-2025-21948 [MEDIUM] CWE-476 HID: appleir: Fix potential NULL dereference at raw event handle HID: appleir: Fix potential NULL dereference at raw event handle FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source li

CVE-2025-21996 [MEDIUM] CWE-908 drm/radeon: fix uninitialized size issue in radeon_vce_cs_parse() drm/radeon: fix uninitialized size issue in radeon_vce_cs_parse() FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source