Msrc Cbl2 Kernel 5.15.32.1-2 On Cbl Mariner 2.0 vulnerabilities

CVE-2022-0516 [HIGH] CWE-200 A vulnerability was found in kvm_s390_guest_sida_op in the arch/s390/kvm/kvm-s390.c function in KVM for s390 in the Linux kernel. This flaw allows a local attacker with a normal user privilege to obta A vulnerability was found in kvm_s390_guest_sida_op in the arch/s390/kvm/kvm-s390.c function in KVM for s390 in the Linux kernel. This flaw allows a local attacker with a normal user privilege to obtain unauthorized memory write access. This flaw affects Linux kernel ve

CVE-2022-27223 [HIGH] CWE-129 In drivers/usb/gadget/udc/udc-xilinx.c in the Linux kernel before 5.16.12 the endpoint index is not validated and might be manipulated by the host for out-of-array access. In drivers/usb/gadget/udc/udc-xilinx.c in the Linux kernel before 5.16.12 the endpoint index is not validated and might be manipulated by the host for out-of-array access. FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected b

CVE-2022-1011 [HIGH] CWE-416 A use-after-free flaw was found in the Linux kernel’s FUSE filesystem in the way a user triggers write(). This flaw allows a local user to gain unauthorized access to data from the FUSE filesystem res A use-after-free flaw was found in the Linux kernel’s FUSE filesystem in the way a user triggers write(). This flaw allows a local user to gain unauthorized access to data from the FUSE filesystem resulting in privilege escalation. FAQ: Is Azure Linux the only Microsof

CVE-2022-0742 [CRITICAL] CWE-401 Memory leak in ICMP6 in Linux Kernel Memory leak in ICMP6 in Linux Kernel FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is

CVE-2022-26490 [HIGH] CWE-120 st21nfca_connectivity_event_received in drivers/nfc/st21nfca/se.c in the Linux kernel through 5.16.12 has EVT_TRANSACTION buffer overflows because of untrusted length parameters. st21nfca_connectivity_event_received in drivers/nfc/st21nfca/se.c in the Linux kernel through 5.16.12 has EVT_TRANSACTION buffer overflows because of untrusted length parameters. FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentia

CVE-2021-4002 [MEDIUM] CWE-401 A memory leak flaw in the Linux kernel's hugetlbfs memory usage was found in the way the user maps some regions of memory twice using shmget() which are aligned to PUD alignment with the fault of some A memory leak flaw in the Linux kernel's hugetlbfs memory usage was found in the way the user maps some regions of memory twice using shmget() which are aligned to PUD alignment with the fault of some of the memory pages. A local user could use this flaw to get unauth

CVE-2022-26878 [MEDIUM] CWE-401 drivers/bluetooth/virtio_bt.c in the Linux kernel before 5.16.3 has a memory leak (socket buffers have memory allocated but not freed). drivers/bluetooth/virtio_bt.c in the Linux kernel before 5.16.3 has a memory leak (socket buffers have memory allocated but not freed). FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who ch

CVE-2022-24958 [HIGH] CWE-763 drivers/usb/gadget/legacy/inode.c in the Linux kernel through 5.16.8 mishandles dev->buf release. drivers/usb/gadget/legacy/inode.c in the Linux kernel through 5.16.8 mishandles dev->buf release. FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date wit