Msrc Cbl Mariner 1.0 X64 vulnerabilities

CVE-2020-13659 [LOW] CWE-476 address_space_map in exec.c in QEMU 4.2.0 can trigger a NULL pointer dereference related to BounceBuffer. address_space_map in exec.c in QEMU 4.2.0 can trigger a NULL pointer dereference related to BounceBuffer. FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it

CVE-2020-12657 [HIGH] CWE-416 An issue was discovered in the Linux kernel before 5.6.5. There is a use-after-free in block/bfq-iosched.c related to bfq_idle_slice_timer_body. An issue was discovered in the Linux kernel before 5.6.5. There is a use-after-free in block/bfq-iosched.c related to bfq_idle_slice_timer_body. FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our

CVE-2020-12653 [HIGH] CWE-787 An issue was found in Linux kernel before 5.5.4. The mwifiex_cmd_append_vsie_tlv() function in drivers/net/wireless/marvell/mwifiex/scan.c allows local users to gain privileges or cause a denial of se An issue was found in Linux kernel before 5.5.4. The mwifiex_cmd_append_vsie_tlv() function in drivers/net/wireless/marvell/mwifiex/scan.c allows local users to gain privileges or cause a denial of service because of an incorrect memcpy and buffer overflow aka CID-b702

CVE-2020-12654 [HIGH] CWE-787 An issue was found in Linux kernel before 5.5.4. mwifiex_ret_wmm_get_status() in drivers/net/wireless/marvell/mwifiex/wmm.c allows a remote AP to trigger a heap-based buffer overflow because of an inc An issue was found in Linux kernel before 5.5.4. mwifiex_ret_wmm_get_status() in drivers/net/wireless/marvell/mwifiex/wmm.c allows a remote AP to trigger a heap-based buffer overflow because of an incorrect memcpy aka CID-3a9b153c5591. FAQ: Is Azure Linux the only Mic

CVE-2020-12762 [HIGH] CWE-787 json-c through 0.14 has an integer overflow and out-of-bounds write via a large JSON file as demonstrated by printbuf_memappend. json-c through 0.14 has an integer overflow and out-of-bounds write via a large JSON file as demonstrated by printbuf_memappend. FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the

CVE-2020-12771 [MEDIUM] CWE-667 An issue was discovered in the Linux kernel through 5.6.11. btree_gc_coalesce in drivers/md/bcache/btree.c has a deadlock if a coalescing operation fails. An issue was discovered in the Linux kernel through 5.6.11. btree_gc_coalesce in drivers/md/bcache/btree.c has a deadlock if a coalescing operation fails. FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the

CVE-2020-12888 [MEDIUM] CWE-755 The VFIO PCI driver in the Linux kernel through 5.6.13 mishandles attempts to access disabled memory space. The VFIO PCI driver in the Linux kernel through 5.6.13 mishandles attempts to access disabled memory space. FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to

CVE-2020-12826 [MEDIUM] CWE-190 A signal access-control issue was discovered in the Linux kernel before 5.6.5 aka CID-7395ea4e65c2. Because exec_id in include/linux/sched.h is only 32 bits an integer overflow can interfere with a do A signal access-control issue was discovered in the Linux kernel before 5.6.5 aka CID-7395ea4e65c2. Because exec_id in include/linux/sched.h is only 32 bits an integer overflow can interfere with a do_notify_parent protection mechanism. A child process can send an ar

CVE-2020-10744 [MEDIUM] CWE-362 An incomplete fix was found for the fix of the flaw CVE-2020-1733 ansible: insecure temporary directory when running become_user from become directive. The provided fix is insufficient to prevent the An incomplete fix was found for the fix of the flaw CVE-2020-1733 ansible: insecure temporary directory when running become_user from become directive. The provided fix is insufficient to prevent the race condition on systems using ACLs and FUSE filesystems. Ansible

CVE-2019-20807 [MEDIUM] CWE-78 In Vim before 8.1.0881 users can circumvent the rvim restricted mode and execute arbitrary OS commands via scripting interfaces (e.g. Python Ruby or Lua). In Vim before 8.1.0881 users can circumvent the rvim restricted mode and execute arbitrary OS commands via scripting interfaces (e.g. Python Ruby or Lua). FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the

CVE-2020-10711 [MEDIUM] CWE-476 A NULL pointer dereference flaw was found in the Linux kernel's SELinux subsystem in versions before 5.7. This flaw occurs while importing the Commercial IP Security Option (CIPSO) protocol's category A NULL pointer dereference flaw was found in the Linux kernel's SELinux subsystem in versions before 5.7. This flaw occurs while importing the Commercial IP Security Option (CIPSO) protocol's category bitmap into the SELinux extensible bitmap via the' ebitmap_netlbl_

CVE-2020-12770 [MEDIUM] An issue was discovered in the Linux kernel through 5.6.11. sg_write lacks an sg_remove_request call in a certain failure case aka CID-83c6f2390040. An issue was discovered in the Linux kernel through 5.6.11. sg_write lacks an sg_remove_request call in a certain failure case aka CID-83c6f2390040. FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to ou

CVE-2020-12768 [MEDIUM] CWE-401 An issue was discovered in the Linux kernel before 5.6. svm_cpu_uninit in arch/x86/kvm/svm.c has a memory leak aka CID-d80b64ff297e. NOTE: third parties dispute this issue because it's a one-time leak An issue was discovered in the Linux kernel before 5.6. svm_cpu_uninit in arch/x86/kvm/svm.c has a memory leak aka CID-d80b64ff297e. NOTE: third parties dispute this issue because it's a one-time leak at the boot the size is negligible and it can't be triggered at wi

CVE-2020-13143 [MEDIUM] CWE-125 gadget_dev_desc_UDC_store in drivers/usb/gadget/configfs.c in the Linux kernel 3.16 through 5.6.13 relies on kstrdup without considering the possibility of an internal '\0' value which allows attacker gadget_dev_desc_UDC_store in drivers/usb/gadget/configfs.c in the Linux kernel 3.16 through 5.6.13 relies on kstrdup without considering the possibility of an internal '\0' value which allows attackers to trigger an out-of-bounds read aka CID-15753588bcd4. FAQ: Is A

CVE-2020-12659 [MEDIUM] CWE-787 An issue was discovered in the Linux kernel before 5.6.7. xdp_umem_reg in net/xdp/xdp_umem.c has an out-of-bounds write (by a user with the CAP_NET_ADMIN capability) because of a lack of headroom vali An issue was discovered in the Linux kernel before 5.6.7. xdp_umem_reg in net/xdp/xdp_umem.c has an out-of-bounds write (by a user with the CAP_NET_ADMIN capability) because of a lack of headroom validation. FAQ: Is Azure Linux the only Microsoft product that includ

CVE-2020-13253 [MEDIUM] CWE-125 sd_wp_addr in hw/sd/sd.c in QEMU 4.2.0 uses an unvalidated address which leads to an out-of-bounds read during sdhci_write() operations. A guest OS user can crash the QEMU process. sd_wp_addr in hw/sd/sd.c in QEMU 4.2.0 uses an unvalidated address which leads to an out-of-bounds read during sdhci_write() operations. A guest OS user can crash the QEMU process. FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore po

CVE-2020-12656 [MEDIUM] CWE-401 gss_mech_free in net/sunrpc/auth_gss/gss_mech_switch.c in the rpcsec_gss_krb5 implementation in the Linux kernel through 5.6.10 lacks certain domain_release calls leading to a memory leak. Note: This gss_mech_free in net/sunrpc/auth_gss/gss_mech_switch.c in the rpcsec_gss_krb5 implementation in the Linux kernel through 5.6.10 lacks certain domain_release calls leading to a memory leak. Note: This was disputed with the assertion that the issue does not grant any a

CVE-2020-10933 [MEDIUM] CWE-908 An issue was discovered in Ruby 2.5.x through 2.5.7 2.6.x through 2.6.5 and 2.7.0. If a victim calls BasicSocket#read_nonblock(requested_size buffer exception: false) the method resizes the buffer to An issue was discovered in Ruby 2.5.x through 2.5.7 2.6.x through 2.6.5 and 2.7.0. If a victim calls BasicSocket#read_nonblock(requested_size buffer exception: false) the method resizes the buffer to fit the requested size but no data is copied. Thus the buffer strin

CVE-2020-10690 [MEDIUM] CWE-416 There is a use-after-free in kernel versions before 5.5 due to a race condition between the release of ptp_clock and cdev while resource deallocation. When a (high privileged) process allocates a ptp There is a use-after-free in kernel versions before 5.5 due to a race condition between the release of ptp_clock and cdev while resource deallocation. When a (high privileged) process allocates a ptp device file (like /dev/ptpX) and voluntarily goes to sleep. During

CVE-2020-13645 [MEDIUM] CWE-295 In GNOME glib-networking through 2.64.2 the implementation of GTlsClientConnection skips hostname verification of the server's TLS certificate if the application fails to specify the expected server i In GNOME glib-networking through 2.64.2 the implementation of GTlsClientConnection skips hostname verification of the server's TLS certificate if the application fails to specify the expected server identity. This is in contrast to its intended documented behavior to