MSRC CBL-Mariner 1.0 ARM vulnerabilities
808 known vulnerabilities affecting msrc/cbl_mariner_1.0_arm.
Total CVEs: 808
CISA KEV: 2 (actively exploited)
Public exploits: 17
Exploited in wild: 1
Severity breakdown: CRITICAL 40, HIGH 349, MEDIUM 383, LOW 36
Vulnerabilities
Page 6 of 41
CVE-2023-27561 | HIGH | CVSS 7.0 | CWE-706 | 2023-03-14
runc through 1.1.4 has Incorrect Access Control leading to Escalation of Privileges related to libcontainer/rootfs_linux.go. To exploit this an attacker must be able to spawn two containers with custom volume-mount configurations and be able to run custom images. NOTE:
msrc
CVE-2023-1670 | HIGH | CVSS 7.8 | CWE-416 | 2023-03-14
A use-after-free flaw was found in the Linux kernel Xircom 16-bit PCMCIA (PC-card) Ethernet driver. A local user could use this flaw to crash the system or potentially escalate their privileges on the system.
FAQ: Is Azure Linux the only Microsoft product that includes
msrc
CVE-2023-1281 | HIGH | CVSS 7.8 | CWE-416 | 2023-03-14
UAF in Linux kernel's tcindex (traffic control index filter) implementation
FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?
One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of
msrc
CVE-2023-1390 | HIGH | CVSS 7.5 | CWE-1050 | 2023-03-14
A remote denial of service vulnerability was found in the Linux kernel’s TIPC kernel module. The while loop in tipc_link_xmit() hits an unknown state while attempting to parse SKBs which are not in the queue. Sending two small UDP packets to a system with a UDP bearer
msrc
CVE-2023-1252 | HIGH | CVSS 7.8 | CWE-416 | 2023-03-14
A use-after-free flaw was found in the Linux kernel’s Ext4 File System in how a user triggers several file operations simultaneously with the overlay FS usage. This flaw allows a local user to crash or potentially escalate their privileges on the system. Only if patch 9
msrc
CVE-2023-0179 | HIGH | CVSS 7.8 | CWE-190 | 2023-03-14
A buffer overflow vulnerability was found in the Netfilter subsystem in the Linux Kernel. This issue could allow the leakage of both stack and heap addresses and potentially allow Local Privilege Escalation to the root user via arbitrary code execution.
msrc
CVE-2023-26604 | HIGH | CVSS 7.8 | 2023-03-14
systemd before 247 does not adequately block local privilege escalation for some Sudo configurations, e.g., plausible sudoers files in which the "systemctl status" command may be executed. Specifically, systemd does not set LESSSECURE to 1, and thus other programs may be launched
msrc
CVE-2023-0386 | HIGH | CVSS 7.8 | KEV | PoC | CWE-282 | 2023-03-14
A flaw was found in the Linux kernel’s OverlayFS subsystem, where unauthorized access to the execution of a setuid file with capabilities is possible in how a user copies a capable file from a nosuid mount into another mount. This uid mapping bug allo
msrc
CVE-2023-28425 | MEDIUM | CVSS 5.5 | CWE-77 | 2023-03-14
Specially crafted MSETNX command can lead to denial-of-service
msrc
CVE-2023-23003 | MEDIUM | CVSS 4.0 | CWE-252 | 2023-03-14
In the Linux kernel before 5.16 tools/perf/util/expr.c lacks a check for the hashmap__new return value.
msrc
CVE-2023-23006 | MEDIUM | CVSS 5.5 | CWE-476 | 2023-03-14
In the Linux kernel before 5.15.13 drivers/net/ethernet/mellanox/mlx5/core/steering/dr_domain.c misinterprets the mlx5_get_uars_page return value (expects it to be NULL in the error case whereas it is actually an error pointer).
msrc
CVE-2023-28486 | MEDIUM | CVSS 5.3 | CWE-116 | 2023-03-14
Sudo before 1.9.13 does not escape control characters in log messages.
msrc
CVE-2023-1249 | MEDIUM | CVSS 5.5 | CWE-416 | 2023-03-14
A use-after-free flaw was found in the Linux kernel’s core dump subsystem. This flaw allows a local user to crash the system. The kernel could be affected only if patch 390031c94211 ("coredump: Use the vma snapshot in fill_files_note") has not yet been applied.
msrc
CVE-2023-23000 | MEDIUM | CVSS 5.5 | CWE-476 | 2023-03-14
In the Linux kernel before 5.17 drivers/phy/tegra/xusb.c mishandles the tegra_xusb_find_port_node return value. Callers expect NULL in the error case but an error pointer is used.
msrc
CVE-2023-1355 | MEDIUM | CVSS 5.5 | CWE-476 | 2023-03-14
NULL Pointer Dereference in vim/vim
msrc
CVE-2023-0465 | MEDIUM | CVSS 5.3 | CWE-295 | 2023-03-14
Invalid certificate policies in leaf certificates are silently ignored
msrc
CVE-2023-23005 | MEDIUM | CVSS 5.5 | CWE-476 | 2023-03-14
In the Linux kernel before 6.2 mm/memory-tiers.c misinterprets the alloc_memory_type return value (expects it to be NULL in the error case whereas it is actually an error pointer). NOTE: this is disputed by third parties because there are no realistic cases in which
msrc
CVE-2023-28772 | MEDIUM | CVSS 6.7 | CWE-120 | 2023-03-14
An issue was discovered in the Linux kernel before 5.13.3. lib/seq_buf.c has a seq_buf_putmem_hex buffer overflow.
msrc
CVE-2023-25809 | MEDIUM | CVSS 6.3 | CWE-281 | 2023-03-14
rootless: `/sys/fs/cgroup` is writable when cgroupns isn't unshared in runc
msrc
CVE-2023-28487 | MEDIUM | CVSS 5.3 | CWE-116 | 2023-03-14
Sudo before 1.9.13 does not escape control characters in sudoreplay output.
msrc