Msrc Cbl2 Qemu 6.2.0-25 On Cbl Mariner 2.0 vulnerabilities

CVE-2025-2486 [LOW] CWE-489 UEFI Shell accessible in AAVMF with Secure Boot enabled on Ubuntu UEFI Shell accessible in AAVMF with Secure Boot enabled on Ubuntu Mariner: Mariner canonical: canonical Customer Action Required: Yes

CVE-2025-11234 [HIGH] CWE-416 Qemu-kvm: vnc websocket handshake use-after-free Qemu-kvm: vnc websocket handshake use-after-free FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is c

CVE-2024-8354 [MEDIUM] CWE-617 Qemu-kvm: usb: assertion failure in usb_ep_get() Qemu-kvm: usb: assertion failure in usb_ep_get() FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is

CVE-2024-38796 [MEDIUM] CWE-122 Integer overflow in PeCoffLoaderRelocateImage Integer overflow in PeCoffLoaderRelocateImage FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is compo

CVE-2024-8612 [LOW] CWE-200 Qemu-kvm: information leak in virtio devices Qemu-kvm: information leak in virtio devices FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. M

CVE-2023-45229 [MEDIUM] CWE-125 Out-of-Bounds Read in EDK II Network Package Out-of-Bounds Read in EDK II Network Package FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is compose

CVE-2023-45231 [MEDIUM] CWE-125 Out-of-Bounds Read in EDK II Network Package Out-of-Bounds Read in EDK II Network Package FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is compose

CVE-2022-4304 [MEDIUM] CWE-203 Timing Oracle in RSA Decryption Timing Oracle in RSA Decryption FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed t