Msrc Cbl2 Kernel 5.15.92.1-1 On Cbl Mariner 2.0 vulnerabilities

10 known vulnerabilities affecting msrc/cbl2_kernel_5.15.92.1-1_on_cbl_mariner_2.0.

Total CVEs: 10
CISA KEV: 1 (actively exploited)
Public exploits: 0
Exploited in wild: 1
Severity breakdown: HIGH 3, MEDIUM 7

Vulnerabilities

CVE-2023-0266 | HIGH | CVSS 7.8 | KEV | 2023-01-10
CWE-416: Use after free in SNDRV_CTL_IOCTL_ELEM in Linux Kernel. FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the
msrc
CVE-2023-23559 | HIGH | CVSS 7.8 | 2023-01-10
CWE-190: In rndis_query_oid in drivers/net/wireless/rndis_wlan.c in the Linux kernel through 6.1.5 there is an integer overflow in an addition.
msrc
CVE-2023-0468 | MEDIUM | CVSS 4.7 | 2023-01-10
CWE-416: A use-after-free flaw was found in io_uring/poll.c in io_poll_check_events in the io_uring subcomponent in the Linux Kernel due to a race condition of poll_refs. This flaw may cause a NULL pointer dereference.
msrc
CVE-2022-47929 | MEDIUM | CVSS 5.5 | 2023-01-10
CWE-476: In the Linux kernel before 6.1.6 a NULL pointer dereference bug in the traffic control subsystem allows an unprivileged user to trigger a denial of service (system crash) via a crafted traffic control configuration that is set up with "tc qdisc" and "tc class" comman
msrc
CVE-2023-0394 | MEDIUM | CVSS 5.5 | 2023-01-10
CWE-476: A NULL pointer dereference flaw was found in rawv6_push_pending_frames in net/ipv6/raw.c in the network subcomponent in the Linux kernel. This flaw causes the system to crash.
msrc
CVE-2022-42328 | MEDIUM | CVSS 5.5 | 2022-12-13
CWE-667: Guests can trigger deadlock in Linux netback driver. [This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] The patch for XSA-392 introduced another issue which might result in a deadlock when t
msrc
CVE-2022-42329 | MEDIUM | CVSS 5.5 | 2022-12-13
CWE-667: Guests can trigger deadlock in Linux netback driver. [This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] The patch for XSA-392 introduced another issue which might result in a deadlock when t
msrc
CVE-2022-4662 | MEDIUM | CVSS 5.5 | 2022-12-13
CWE-455: An incorrect access control flaw in the Linux kernel USB core subsystem was found in the way a user attaches a USB device. A local user could use this flaw to crash the system.
msrc
CVE-2022-41218 | MEDIUM | CVSS 5.5 | 2022-09-13
CWE-416: In drivers/media/dvb-core/dmxdev.c in the Linux kernel through 5.19.10 there is a use-after-free caused by refcount races affecting dvb_demux_open and dvb_dmxdev_release.
msrc
CVE-2022-1943 | HIGH | CVSS 7.8 | 2022-06-14
CWE-787: An out-of-bounds memory write flaw in the Linux kernel UDF file system functionality was found in the way a user triggers some file operation which triggers udf_write_fi(). A local user could use this flaw to crash the system or potentially
msrc