Msrc Cbl2 Kernel 5.15.186.1-1 On Cbl Mariner 2.0 vulnerabilities

CVE-2025-40251 [MEDIUM] devlink: rate: Unset parent pointer in devl_rate_nodes_destroy devlink: rate: Unset parent pointer in devl_rate_nodes_destroy Mariner: Mariner Linux: Linux Customer Action Required: Yes Remediation: CBL-Mariner Releases Reference: https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade

CVE-2023-54207 [HIGH] CWE-416 HID: uclogic: Correct devm device reference for hidinput input_dev name HID: uclogic: Correct devm device reference for hidinput input_dev name Mariner: Mariner Linux: Linux Customer Action Required: Yes Remediation: CBL-Mariner Releases Reference: https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade

CVE-2025-68223 [MEDIUM] drm/radeon: delete radeon_fence_process in is_signaled, no deadlock drm/radeon: delete radeon_fence_process in is_signaled, no deadlock Mariner: Mariner Linux: Linux Customer Action Required: Yes Remediation: CBL-Mariner Releases Reference: https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade

CVE-2025-68725 [MEDIUM] bpf: Do not let BPF test infra emit invalid GSO types to stack bpf: Do not let BPF test infra emit invalid GSO types to stack Mariner: Mariner Linux: Linux Customer Action Required: Yes Remediation: CBL-Mariner Releases Reference: https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade

CVE-2025-68340 [MEDIUM] team: Move team device type change at the end of team_port_add team: Move team device type change at the end of team_port_add Mariner: Mariner Linux: Linux Customer Action Required: Yes Remediation: CBL-Mariner Releases Reference: https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade

CVE-2025-68211 [MEDIUM] ksm: use range-walk function to jump over holes in scan_get_next_rmap_item ksm: use range-walk function to jump over holes in scan_get_next_rmap_item Mariner: Mariner Linux: Linux Customer Action Required: Yes Remediation: CBL-Mariner Releases Reference: https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade

CVE-2025-68365 [MEDIUM] fs/ntfs3: Initialize allocated memory before use fs/ntfs3: Initialize allocated memory before use Mariner: Mariner Linux: Linux Customer Action Required: Yes Remediation: CBL-Mariner Releases Reference: https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade

CVE-2025-68358 [MEDIUM] btrfs: fix racy bitfield write in btrfs_clear_space_info_full() btrfs: fix racy bitfield write in btrfs_clear_space_info_full() Mariner: Mariner Linux: Linux Customer Action Required: Yes Remediation: CBL-Mariner Releases Reference: https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade

CVE-2025-40149 [HIGH] tls: Use __sk_dst_get() and dst_dev_rcu() in get_netdev_for_sock(). tls: Use __sk_dst_get() and dst_dev_rcu() in get_netdev_for_sock(). Mariner: Mariner Linux: Linux Customer Action Required: Yes Remediation: CBL-Mariner Releases Reference: https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade

CVE-2025-40164 [MEDIUM] usbnet: Fix using smp_processor_id() in preemptible code warnings usbnet: Fix using smp_processor_id() in preemptible code warnings Mariner: Mariner Linux: Linux Customer Action Required: Yes Remediation: CBL-Mariner Releases Reference: https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade

CVE-2025-39925 [MEDIUM] can: j1939: implement NETDEV_UNREGISTER notification handler can: j1939: implement NETDEV_UNREGISTER notification handler FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with whi

CVE-2025-39907 [MEDIUM] mtd: rawnand: stm32_fmc2: avoid overlapping mappings on ECC buffer mtd: rawnand: stm32_fmc2: avoid overlapping mappings on ECC buffer FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source librar

CVE-2025-39905 [HIGH] net: phylink: add lock for serializing concurrent pl->phydev writes with resolver net: phylink: add lock for serializing concurrent pl->phydev writes with resolver FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versio

CVE-2025-39901 [HIGH] CWE-125 i40e: remove read access to debugfs files i40e: remove read access to debugfs files FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Micro

CVE-2025-39913 [HIGH] tcp_bpf: Call sk_msg_free() when tcp_bpf_send_verdict() fails to allocate psock->cork. tcp_bpf: Call sk_msg_free() when tcp_bpf_send_verdict() fails to allocate psock->cork. FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most sec

CVE-2025-39894 [MEDIUM] netfilter: br_netfilter: do not check confirmed bit in br_nf_local_in() after confirm netfilter: br_netfilter: do not check confirmed bit in br_nf_local_in() after confirm Mariner: Mariner Linux: Linux Customer Action Required: Yes Remediation: CBL-Mariner Releases Reference: https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade

CVE-2022-50467 [MEDIUM] CWE-476 scsi: lpfc: Fix null ndlp ptr dereference in abnormal exit path for GFT_ID scsi: lpfc: Fix null ndlp ptr dereference in abnormal exit path for GFT_ID Mariner: Mariner Linux: Linux Customer Action Required: Yes

CVE-2025-40005 [MEDIUM] spi: cadence-quadspi: Implement refcount to handle unbind during busy spi: cadence-quadspi: Implement refcount to handle unbind during busy FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source

CVE-2022-50464 [MEDIUM] mt76: mt7915: Fix PCI device refcount leak in mt7915_pci_init_hif2() mt76: mt7915: Fix PCI device refcount leak in mt7915_pci_init_hif2() Mariner: Mariner Linux: Linux Customer Action Required: Yes

CVE-2025-39923 [MEDIUM] dmaengine: qcom: bam_dma: Fix DT error handling for num-channels/ees dmaengine: qcom: bam_dma: Fix DT error handling for num-channels/ees FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source li