Msrc Cbl2 Qemu 6.2.0-26 On Cbl Mariner 2.0 vulnerabilities

CVE-2026-2243 [MEDIUM] CWE-125 Qemu-kvm: heap buffer out-of-bounds read in vmdk compressed grain parsing Qemu-kvm: heap buffer out-of-bounds read in vmdk compressed grain parsing Mariner: Mariner redhat: redhat Customer Action Required: Yes

CVE-2025-2296 [HIGH] CWE-20 Un-verified kernel bypass Secure Boot mechanism in direct boot mode Un-verified kernel bypass Secure Boot mechanism in direct boot mode Mariner: Mariner TianoCore: TianoCore Customer Action Required: Yes Remediation: CBL-Mariner Releases Reference: https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade

CVE-2025-68114 [MEDIUM] CWE-124 Capstone doesn't check vsnprintf return in SStream_concat, allows stack buffer underflow and overflow Capstone doesn't check vsnprintf return in SStream_concat, allows stack buffer underflow and overflow Mariner: Mariner GitHub_M: GitHub_M Customer Action Required: Yes Remediation: CBL-Mariner Releases Reference: https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade

CVE-2025-2486 [LOW] CWE-489 UEFI Shell accessible in AAVMF with Secure Boot enabled on Ubuntu UEFI Shell accessible in AAVMF with Secure Boot enabled on Ubuntu Mariner: Mariner canonical: canonical Customer Action Required: Yes

CVE-2025-54566 [MEDIUM] CWE-642 hw/pci/pcie_sriov.c in QEMU through 10.0.3 has a migration state inconsistency, a related issue to CVE-2024-26327. hw/pci/pcie_sriov.c in QEMU through 10.0.3 has a migration state inconsistency, a related issue to CVE-2024-26327. FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the

CVE-2025-54567 [MEDIUM] CWE-684 hw/pci/pcie_sriov.c in QEMU through 10.0.3 mishandles the VF Enable bit write mask, a related issue to CVE-2024-26327. hw/pci/pcie_sriov.c in QEMU through 10.0.3 mishandles the VF Enable bit write mask, a related issue to CVE-2024-26327. FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro

CVE-2024-8354 [MEDIUM] CWE-617 Qemu-kvm: usb: assertion failure in usb_ep_get() Qemu-kvm: usb: assertion failure in usb_ep_get() FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is

CVE-2024-38796 [MEDIUM] CWE-122 Integer overflow in PeCoffLoaderRelocateImage Integer overflow in PeCoffLoaderRelocateImage FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is compo

CVE-2024-8612 [LOW] CWE-200 Qemu-kvm: information leak in virtio devices Qemu-kvm: information leak in virtio devices FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. M

CVE-2023-45229 [MEDIUM] CWE-125 Out-of-Bounds Read in EDK II Network Package Out-of-Bounds Read in EDK II Network Package FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is compose

CVE-2023-45231 [MEDIUM] CWE-125 Out-of-Bounds Read in EDK II Network Package Out-of-Bounds Read in EDK II Network Package FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is compose

CVE-2022-4304 [MEDIUM] CWE-203 Timing Oracle in RSA Decryption Timing Oracle in RSA Decryption FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed t