Msrc Cbl Mariner 2.0 Arm vulnerabilities

CVE-2024-47720 [MEDIUM] CWE-476 drm/amd/display: Add null check for set_output_gamma in dcn30_set_output_transfer_func drm/amd/display: Add null check for set_output_gamma in dcn30_set_output_transfer_func FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent an

CVE-2024-50045 [MEDIUM] CWE-476 netfilter: br_netfilter: fix panic with metadata_dst skb netfilter: br_netfilter: fix panic with metadata_dst skb FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with whi

CVE-2024-47712 [MEDIUM] CWE-476 wifi: wilc1000: fix potential RCU dereference issue in wilc_parse_join_bss_param wifi: wilc1000: fix potential RCU dereference issue in wilc_parse_join_bss_param FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secur

CVE-2024-21213 [MEDIUM] Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.39 and prior 8.4.2 and prior and 9.0.1 and prior. Easily exploitable vulne Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.39 and prior 8.4.2 and prior and 9.0.1 and prior. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure whe

CVE-2024-47692 [MEDIUM] CWE-476 nfsd: return -EINVAL when namelen is 0 nfsd: return -EINVAL when namelen is 0 FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft

CVE-2024-50602 [MEDIUM] CWE-754 An issue was discovered in libexpat before 2.6.4. There is a crash within the XML_ResumeParser function because XML_StopParser can stop/suspend an unstarted parser. An issue was discovered in libexpat before 2.6.4. There is a crash within the XML_ResumeParser function because XML_StopParser can stop/suspend an unstarted parser. FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulne

CVE-2024-50002 [MEDIUM] CWE-755 static_call: Handle module init failure correctly in static_call_del_module() static_call: Handle module init failure correctly in static_call_del_module() FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure vers

CVE-2024-50041 [MEDIUM] CWE-401 i40e: Fix macvlan leak by synchronizing access to mac_filter_hash i40e: Fix macvlan leak by synchronizing access to mac_filter_hash FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source

CVE-2024-47674 [MEDIUM] CWE-459 mm: avoid leaving partial pfn mappings around in error case mm: avoid leaving partial pfn mappings around in error case FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries wi

CVE-2024-49858 [MEDIUM] efistub/tpm: Use ACPI reclaim memory for event log to avoid corruption efistub/tpm: Use ACPI reclaim memory for event log to avoid corruption FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open sourc

CVE-2024-49954 [MEDIUM] static_call: Replace pointless WARN_ON() in static_call_module_notify() static_call: Replace pointless WARN_ON() in static_call_module_notify() FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open sou

CVE-2024-49975 [MEDIUM] CWE-401 uprobes: fix kernel info leak via "[uprobes]" vma uprobes: fix kernel info leak via "[uprobes]" vma FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro

CVE-2024-50006 [MEDIUM] CWE-667 ext4: fix i_data_sem unlock order in ext4_ind_migrate() ext4: fix i_data_sem unlock order in ext4_ind_migrate() FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which

CVE-2024-21219 [MEDIUM] Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DML). Supported versions that are affected are 8.0.39 and prior 8.4.2 and prior and 9.0.1 and prior. Easily exploitable Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DML). Supported versions that are affected are 8.0.39 and prior 8.4.2 and prior and 9.0.1 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multipl

CVE-2024-21203 [MEDIUM] Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: FTS). Supported versions that are affected are 8.0.39 and prior 8.4.2 and prior and 9.0.1 and prior. Easily exploitable Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: FTS). Supported versions that are affected are 8.0.39 and prior 8.4.2 and prior and 9.0.1 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multipl

CVE-2024-50046 [MEDIUM] CWE-476 NFSv4: Prevent NULL-pointer dereference in nfs42_complete_copies() NFSv4: Prevent NULL-pointer dereference in nfs42_complete_copies() FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open sourc

CVE-2024-50000 [MEDIUM] CWE-476 net/mlx5e: Fix NULL deref in mlx5e_tir_builder_alloc() net/mlx5e: Fix NULL deref in mlx5e_tir_builder_alloc() FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which t

CVE-2024-50038 [MEDIUM] netfilter: xtables: avoid NFPROTO_UNSPEC where needed netfilter: xtables: avoid NFPROTO_UNSPEC where needed FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro

CVE-2024-49952 [MEDIUM] netfilter: nf_tables: prevent nf_skb_duplicated corruption netfilter: nf_tables: prevent nf_skb_duplicated corruption FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which t

CVE-2024-21238 [MEDIUM] Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Thread Pooling). Supported versions that are affected are 8.0.39 and prior 8.4.1 and prior and 9.0.1 and prior. Difficul Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Thread Pooling). Supported versions that are affected are 8.0.39 and prior 8.4.1 and prior and 9.0.1 and prior. Difficult to exploit vulnerability allows low privileged attacker with network access