MSRC CBL2 Kernel 5.15.26.1-1 on CBL Mariner 2.0 vulnerabilities
15 known vulnerabilities affecting msrc/cbl2_kernel_5.15.26.1-1_on_cbl_mariner_2.0.
Total CVEs: 15
CISA KEV: 2 (actively exploited)
Public exploits: 1
Exploited in wild: 2
Severity breakdown: HIGH 6, MEDIUM 8, LOW 1
Vulnerabilities
CVE-2022-0847 | HIGH | CVSS 7.8 | CWE-665 | KEV | PoC | 2022-03-08
A flaw was found in the way the "flags" member of the new pipe buffer structure was lacking proper initialization in copy_page_to_iter_pipe and push_pipe functions in the Linux kernel and could thus contain stale values. An unprivileged local user could use this flaw to
msrc
CVE-2022-25265 | HIGH | CVSS 7.8 | CWE-913 | 2022-02-08
In the Linux kernel through 5.16.10 certain binary files may have the exec-all attribute if they were built in approximately 2003 (e.g. with GCC 3.2.2 and Linux kernel 2.4.20). This can cause execution of bytes located in supposedly non-executable regions of a file.
F
msrc
CVE-2022-0185 | HIGH | CVSS 8.4 | CWE-191 | KEV | 2022-02-08
A heap-based buffer overflow flaw was found in the way the legacy_parse_param function in the Filesystem Context functionality of the Linux kernel verified the supplied parameters length. An unprivileged (in case of unprivileged user namespaces enabled otherwise needs n
msrc
CVE-2021-4090 | HIGH | CVSS 7.1 | CWE-787 | 2022-02-08
An out-of-bounds (OOB) memory write flaw was found in the NFSD in the Linux kernel. Missing sanity may lead to a write beyond bmval[bmlen-1] in nfsd4_decode_bitmap4 in fs/nfsd/nfs4xdr.c. In this flaw a local attacker with user privilege may gain access to out-of-bounds
msrc
CVE-2021-45402 | MEDIUM | CVSS 5.5 | CWE-668 | 2022-02-08
The check_alu_op() function in kernel/bpf/verifier.c in the Linux kernel through v5.16-rc5 did not properly update bounds while handling the mov32 instruction which allows local users to obtain potentially sensitive address information aka a "pointer leak."
FAQ: Is
msrc
CVE-2021-44879 | MEDIUM | CVSS 5.5 | CWE-476 | 2022-02-08
In gc_data_segment in fs/f2fs/gc.c in the Linux kernel before 5.16.3 special files are not considered leading to a move_data_page NULL pointer dereference.
FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?
One of t
msrc
CVE-2022-0264 | MEDIUM | CVSS 5.5 | CWE-755 | 2022-02-08
A vulnerability was found in the Linux kernel's eBPF verifier when handling internal data structures. Internal memory locations could be returned to userspace. A local attacker with the permissions to insert eBPF code to the kernel can use this to leak internal kernel
msrc
CVE-2022-25375 | MEDIUM | CVSS 5.5 | CWE-1284 | 2022-02-08
An issue was discovered in drivers/usb/gadget/function/rndis.c in the Linux kernel before 5.16.10. The RNDIS USB gadget lacks validation of the size of the RNDIS_MSG_SET command. Attackers can obtain sensitive information from kernel memory.
FAQ: Is Azure Linux the
msrc
CVE-2022-25258 | MEDIUM | CVSS 4.6 | CWE-476 | 2022-02-08
An issue was discovered in drivers/usb/gadget/composite.c in the Linux kernel before 5.16.10. The USB Gadget subsystem lacks certain validation of interface OS descriptor requests (ones with a large array index and ones associated with NULL function pointer retrieval
msrc
CVE-2022-24959 | MEDIUM | CVSS 5.5 | CWE-401 | 2022-02-08
An issue was discovered in the Linux kernel before 5.16.5. There is a memory leak in yam_siocdevprivate in drivers/net/hamradio/yam.c.
FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?
One of the main benefits to our customers who choo
msrc
CVE-2022-0382 | MEDIUM | CVSS 5.5 | CWE-909 | 2022-02-08
An information leak flaw was found due to uninitialized memory in the Linux kernel's TIPC protocol subsystem in the way a user sends a TIPC datagram to one or more destinations. This flaw allows a local user to read some kernel memory. This issue is limited to no more
msrc
CVE-2022-0617 | MEDIUM | CVSS 5.5 | CWE-476 | 2022-02-08
A flaw null pointer dereference in the Linux kernel UDF file system functionality was found in the way user triggers udf_file_write_iter function for the malicious UDF image. A local user could use this flaw to crash the system. Actual from Linux kernel 4.2-rc1 till 5
msrc
CVE-2022-24448 | LOW | CVSS 3.3 | CWE-755 | 2022-02-08
An issue was discovered in fs/nfs/dir.c in the Linux kernel before 5.16.5. If an application sets the O_DIRECTORY flag and tries to open a regular file nfs_atomic_open() performs a regular lookup. If a regular file is found ENOTDIR should occur but the server instead re
msrc
CVE-2022-24122 | HIGH | CVSS 7.8 | CWE-416 | 2022-01-11
kernel/ucount.c in the Linux kernel 5.14 through 5.16.4 when unprivileged user namespaces are enabled allows a use-after-free and privilege escalation because a ucounts object can outlive its namespace.
FAQ: Is Azure Linux the only Microsoft product that includes this
msrc
CVE-2021-20194 | HIGH | CVSS 7.8 | CWE-20 | 2021-02-09
There is a vulnerability in the linux kernel versions higher than 5.2 (if kernel compiled with config params CONFIG_BPF_SYSCALL=y CONFIG_BPF=y CONFIG_CGROUPS=y CONFIG_CGROUP_BPF=y CONFIG_HARDENED_USERCOPY not set and BPF hook to getsockopt is registered). As result of B
msrc