Msrc Cbl Mariner 2.0 Arm vulnerabilities

CVE-2024-27982 [MEDIUM] The team has identified a critical vulnerability in the http server of the most recent version of Node where malformed headers can lead to HTTP request smuggling. Specifically if a space is placed bef The team has identified a critical vulnerability in the http server of the most recent version of Node where malformed headers can lead to HTTP request smuggling. Specifically if a space is placed before a content-length header it is not interpreted correctly enabling attack

CVE-2024-27013 [MEDIUM] CWE-770 tun: limit printing rate when illegal packet received by tun dev tun: limit printing rate when illegal packet received by tun dev FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source li

CVE-2024-26993 [MEDIUM] fs: sysfs: Fix reference leak in sysfs_break_active_protection() fs: sysfs: Fix reference leak in sysfs_break_active_protection() FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries

CVE-2024-1298 [MEDIUM] CWE-369 Integer Overflow caused by divide by zero during S3 suspension Integer Overflow caused by divide by zero during S3 suspension FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source librari

CVE-2024-4603 [MEDIUM] CWE-606 Excessive time spent checking DSA keys and parameters Excessive time spent checking DSA keys and parameters FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the

CVE-2023-43040 [MEDIUM] CWE-1220 IBM Spectrum Fusion HCI improper access control IBM Spectrum Fusion HCI improper access control FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is

CVE-2024-26973 [MEDIUM] fat: fix uninitialized field in nostale filehandles fat: fix uninitialized field in nostale filehandles FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is c

CVE-2024-27015 [MEDIUM] netfilter: flowtable: incorrect pppoe tuple netfilter: flowtable: incorrect pppoe tuple FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microso

CVE-2024-4418 [MEDIUM] CWE-416 Libvirt: stack use-after-free in virnetclientioeventloop() Libvirt: stack use-after-free in virnetclientioeventloop() FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with

CVE-2024-26984 [MEDIUM] CWE-362 nouveau: fix instmem race condition around ptr stores nouveau: fix instmem race condition around ptr stores FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the

CVE-2024-27014 [MEDIUM] CWE-667 net/mlx5e: Prevent deadlock while disabling aRFS net/mlx5e: Prevent deadlock while disabling aRFS FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is

CVE-2024-35982 [MEDIUM] CWE-835 batman-adv: Avoid infinite loop trying to resize local TT batman-adv: Avoid infinite loop trying to resize local TT FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with w

CVE-2024-27397 [HIGH] netfilter: nf_tables: use timestamp to check for set element timeout netfilter: nf_tables: use timestamp to check for set element timeout FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libr

CVE-2024-27282 [MEDIUM] CWE-125 An issue was discovered in Ruby 3.x through 3.3.0. If attacker-supplied data is provided to the Ruby regex compiler it is possible to extract arbitrary heap data relative to the start of the text incl An issue was discovered in Ruby 3.x through 3.3.0. If attacker-supplied data is provided to the Ruby regex compiler it is possible to extract arbitrary heap data relative to the start of the text including pointers and sensitive strings. The fixed versions are 3.0.7

CVE-2024-27016 [MEDIUM] netfilter: flowtable: validate pppoe header netfilter: flowtable: validate pppoe header FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microso

CVE-2024-26953 [MEDIUM] net: esp: fix bad handling of pages from page_pool net: esp: fix bad handling of pages from page_pool FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is com

CVE-2024-35978 [MEDIUM] CWE-401 Bluetooth: Fix memory leak in hci_req_sync_complete() Bluetooth: Fix memory leak in hci_req_sync_complete() FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the

CVE-2024-26966 [MEDIUM] CWE-129 clk: qcom: mmcc-apq8084: fix terminating of frequency table arrays clk: qcom: mmcc-apq8084: fix terminating of frequency table arrays FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open sourc

CVE-2024-32607 [MEDIUM] CWE-125 HDF5 Library through 1.14.3 has a SEGV in H5A__close in H5Aint.c resulting in the corruption of the instruction pointer. HDF5 Library through 1.14.3 has a SEGV in H5A__close in H5Aint.c resulting in the corruption of the instruction pointer. FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux di

CVE-2024-33875 [MEDIUM] CWE-120 HDF5 Library through 1.14.3 has a heap-based buffer overflow in H5O__layout_encode in H5Olayout.c resulting in the corruption of the instruction pointer. HDF5 Library through 1.14.3 has a heap-based buffer overflow in H5O__layout_encode in H5Olayout.c resulting in the corruption of the instruction pointer. FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the m