Msrc Cbl Mariner 2.0 Arm vulnerabilities

CVE-2025-25199 [HIGH] CWE-401 BCryptGenerateSymmetricKey memory leak BCryptGenerateSymmetricKey memory leak NIST NVD Details: https://nvd.nist.gov/vuln/detail/CVE-2025-25199 FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the o

CVE-2023-32002 [CRITICAL] HackerOne: CVE-2023-32002 Node.js `Module._load()` policy Remote Code Execution Vulnerability HackerOne: CVE-2023-32002 Node.js `Module._load()` policy Remote Code Execution Vulnerability NIST NVD Details: https://nvd.nist.gov/vuln/detail/CVE-2023-32002 FAQ: Why is this HackerOne CVE included in the Security Update Guide? The vulnerability assigned to this CVE is in Node.js software which is consumed by Microsoft Visual Studio. It is being documented in the Security U

CVE-2007-4559 [CRITICAL] CVE-2007-4559: NIST NVD Details: https://nvd NIST NVD Details: https://nvd.nist.gov/vuln/detail/CVE-2007-4559 Mariner: Mariner [email protected]: [email protected] Customer Action Required: Yes Exploit Status: DOS:N/A Remediation: python3 Reference: https://nvd.nist.gov/vuln/detail/CVE-2007-4559 Remediation: python2

CVE-2024-50074 [HIGH] CVE-2024-50074: NIST NVD Details: https://nvd NIST NVD Details: https://nvd.nist.gov/vuln/detail/CVE-2024-50074 Mariner: Mariner 416baaa9-dc9f-4396-8d5f-8c081fb06d67: 416baaa9-dc9f-4396-8d5f-8c081fb06d67 Customer Action Required: Yes Exploit Status: DOS:N/A Remediation: kernel Reference: https://nvd.nist.gov/vuln/detail/CVE-2024-50074

CVE-2024-2881 [MEDIUM] CVE-2024-2881: NIST NVD Details: https://nvd NIST NVD Details: https://nvd.nist.gov/vuln/detail/CVE-2024-2881 Mariner: Mariner [email protected]: [email protected] Customer Action Required: Yes Exploit Status: DOS:N/A Remediation: mariadb Reference: https://nvd.nist.gov/vuln/detail/CVE-2024-2881

CVE-2024-38472 [HIGH] CVE-2024-38472: NIST NVD Details: https://nvd NIST NVD Details: https://nvd.nist.gov/vuln/detail/CVE-2024-38472 Mariner: Mariner [email protected]: [email protected] Customer Action Required: Yes Exploit Status: DOS:N/A Remediation: httpd Reference: https://nvd.nist.gov/vuln/detail/CVE-2024-38472

CVE-2024-49966 [HIGH] CVE-2024-49966: NIST NVD Details: https://nvd NIST NVD Details: https://nvd.nist.gov/vuln/detail/CVE-2024-49966 Mariner: Mariner 416baaa9-dc9f-4396-8d5f-8c081fb06d67: 416baaa9-dc9f-4396-8d5f-8c081fb06d67 Customer Action Required: Yes Exploit Status: DOS:N/A Remediation: kernel Reference: https://nvd.nist.gov/vuln/detail/CVE-2024-49966

CVE-2024-49967 [HIGH] CVE-2024-49967: NIST NVD Details: https://nvd NIST NVD Details: https://nvd.nist.gov/vuln/detail/CVE-2024-49967 Mariner: Mariner 416baaa9-dc9f-4396-8d5f-8c081fb06d67: 416baaa9-dc9f-4396-8d5f-8c081fb06d67 Customer Action Required: Yes Exploit Status: DOS:N/A Remediation: kernel Reference: https://nvd.nist.gov/vuln/detail/CVE-2024-49967

CVE-2024-42072 [HIGH] CVE-2024-42072: NIST NVD Details: https://nvd NIST NVD Details: https://nvd.nist.gov/vuln/detail/CVE-2024-42072 Mariner: Mariner 416baaa9-dc9f-4396-8d5f-8c081fb06d67: 416baaa9-dc9f-4396-8d5f-8c081fb06d67 Customer Action Required: Yes Exploit Status: DOS:N/A Remediation: kernel Reference: https://nvd.nist.gov/vuln/detail/CVE-2024-42072

CVE-2024-43790 [MEDIUM] CVE-2024-43790: NIST NVD Details: https://nvd NIST NVD Details: https://nvd.nist.gov/vuln/detail/CVE-2024-43790 Mariner: Mariner [email protected]: [email protected] Customer Action Required: Yes Exploit Status: DOS:N/A Remediation: vim Reference: https://nvd.nist.gov/vuln/detail/CVE-2024-43790

CVE-2024-45159 [CRITICAL] CVE-2024-45159: NIST NVD Details: https://nvd NIST NVD Details: https://nvd.nist.gov/vuln/detail/CVE-2024-45159 Mariner: Mariner [email protected]: [email protected] Customer Action Required: Yes Remediation: hvloader Reference: https://nvd.nist.gov/vuln/detail/CVE-2024-45159

CVE-2024-30166 [CRITICAL] CVE-2024-30166: NIST NVD Details: https://nvd NIST NVD Details: https://nvd.nist.gov/vuln/detail/CVE-2024-30166 Mariner: Mariner [email protected]: [email protected] Customer Action Required: Yes Remediation: hvloader Reference: https://nvd.nist.gov/vuln/detail/CVE-2024-30166

CVE-2024-11236 [CRITICAL] CWE-787 Integer overflow in the firebird and dblib quoters causing OOB writes Integer overflow in the firebird and dblib quoters causing OOB writes FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the op

CVE-2024-8932 [CRITICAL] CWE-787 OOB access in ldap_escape OOB access in ldap_escape FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transpar

CVE-2024-5535 [CRITICAL] CWE-1395 OpenSSL: CVE-2024-5535 SSL_select_next_proto buffer overread OpenSSL: CVE-2024-5535 SSL_select_next_proto buffer overread NIST NVD Details: https://nvd.nist.gov/vuln/detail/CVE-2024-5535 Description: We are republishing this OpenSSL CVE to document that the latest version Microsoft Defender for Endpoint has been updated to protect against this OpenSSL library vulnerability. FAQ: How could an attacker exploit this vulnerability? Exploitation of this vulnerabil

CVE-2024-11233 [MEDIUM] CWE-122 Single byte overread with convert.quoted-printable-decode filter Single byte overread with convert.quoted-printable-decode filter FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source li

CVE-2024-50143 [HIGH] udf: fix uninit-value use in udf_get_fileshortad udf: fix uninit-value use in udf_get_fileshortad FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed.

CVE-2024-50230 [HIGH] nilfs2: fix kernel bug due to missing clearing of checked flag nilfs2: fix kernel bug due to missing clearing of checked flag FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with w

CVE-2024-50247 [HIGH] fs/ntfs3: Check if more than chunk-size bytes are written fs/ntfs3: Check if more than chunk-size bytes are written FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the d

CVE-2024-50193 [HIGH] x86/entry_32: Clear CPU buffers after register restore in NMI return x86/entry_32: Clear CPU buffers after register restore in NMI return FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libr