Msrc Cbl Mariner 2.0 Arm vulnerabilities
1,677 known vulnerabilities affecting msrc/cbl_mariner_2.0_arm.
Total CVEs: 1,677
CISA KEV: 8 (actively exploited)
Public exploits: 16
Exploited in wild: 8
Severity breakdown: CRITICAL 92, HIGH 705, MEDIUM 842, LOW 38
Vulnerabilities
Page 33 of 84
CVE-2024-35972 | MEDIUM | CVSS 5.5 | 2024-05-14
CVE-2024-35972 [MEDIUM] CWE-401 bnxt_en: Fix possible memory leak in bnxt_rdma_aux_device_init()
FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?
One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source li
msrc
CVE-2024-35912 | MEDIUM | CVSS 5.5 | 2024-05-14
CVE-2024-35912 [MEDIUM] CWE-401 wifi: iwlwifi: mvm: rfi: fix potential response leaks
FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?
One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the
msrc
CVE-2024-27002 | MEDIUM | CVSS 5.5 | 2024-05-14
CVE-2024-27002 [MEDIUM] CWE-667 clk: mediatek: Do a runtime PM get on controllers during probe
FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?
One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source librar
msrc
CVE-2024-34250 | MEDIUM | CVSS 6.2 | 2024-05-14
CVE-2024-34250 [MEDIUM] CWE-122 A heap buffer overflow vulnerability was discovered in Bytecode Alliance wasm-micro-runtime v2.0.0 which allows a remote attacker to cause at least a denial of service via the "wasm_loader_check_br" function in core/iwasm/interpreter/wasm_loader.c.
FAQ: Is Azure Lin
msrc
CVE-2024-26965 | MEDIUM | CVSS 7.8 | 2024-05-14
CVE-2024-26965 [HIGH] clk: qcom: mmcc-msm8974: fix terminating of frequency table arrays
FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?
One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source librarie
msrc
CVE-2024-32020 | LOW | CVSS 3.9 | 2024-05-14
CVE-2024-32020 [LOW] CWE-281 Cloning local Git repository by untrusted user allows the untrusted user to modify objects in the cloned repository at will
FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?
One of the main benefits to our customers who choose to use the Azure Linux
msrc
CVE-2024-32021 | LOW | CVSS 3.9 | 2024-05-14
CVE-2024-32021 [LOW] CWE-547 Local Git clone may hardlink arbitrary user-readable files into the new repository's "objects/" directory
FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?
One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it
msrc
CVE-2024-1874 | CRITICAL | CVSS 9.4 | 2024-04-09
CVE-2024-1874 [CRITICAL] CWE-116 Command injection via array-ish $command parameter of proc_open()
FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?
One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source
msrc
CVE-2024-3817 | CRITICAL | CVSS 9.8 | 2024-04-09
CVE-2024-3817 [CRITICAL] CWE-88 HashiCorp go-getter Vulnerable to Argument Injection When Fetching Remote Default Git Branches
FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?
One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with th
msrc
CVE-2024-27983 | HIGH | CVSS 8.2 | 2024-04-09
CVE-2024-27983 [HIGH] An attacker can make the Node.js HTTP/2 server completely unavailable by sending a small amount of HTTP/2 frames packets with a few HTTP/2 frames inside. It is possible to leave some data in nghttp2 memory after reset when headers with HTTP/2 CONTINUATION frame are sent to the
msrc
CVE-2024-31082 | HIGH | CVSS 7.3 | 2024-04-09
CVE-2024-31082 [HIGH] CWE-126 Xorg-x11-server: heap buffer overread/data leakage in procappledricreatepixmap
FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?
One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure vers
msrc
CVE-2024-34088 | HIGH | CVSS 7.5 | 2024-04-09
CVE-2024-34088 [HIGH] CWE-476 In FRRouting (FRR) through 9.1 it is possible for the get_edge() function in ospf_te.c in the OSPF daemon to return a NULL pointer. In cases where calling functions do not handle the returned NULL value the OSPF daemon crashes leading to denial of service.
FAQ: Is Azu
msrc
CVE-2024-31081 | HIGH | CVSS 7.3 | 2024-04-09
CVE-2024-31081 [HIGH] CWE-126 Xorg-x11-server: heap buffer overread/data leakage in procxipassivegrabdevice
FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?
One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versio
msrc
CVE-2024-26913 | HIGH | CVSS 7.8 | 2024-04-09
CVE-2024-26913 [HIGH] CWE-191 drm/amd/display: Fix dcn35 8k30 Underflow/Corruption Issue
FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?
One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with w
msrc
CVE-2023-38709 | HIGH | CVSS 7.3 | 2024-04-09
CVE-2023-38709 [HIGH] CWE-1284 Apache HTTP Server: HTTP response splitting
FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?
One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed.
msrc
CVE-2024-31083 | HIGH | CVSS 7.8 | 2024-04-09
CVE-2024-31083 [HIGH] CWE-416 Xorg-x11-server: use-after-free in procrenderaddglyphs
FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?
One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the
msrc
CVE-2024-31080 | HIGH | CVSS 7.3 | 2024-04-09
CVE-2024-31080 [HIGH] CWE-126 Xorg-x11-server: heap buffer overread/data leakage in procxigetselectedevents
FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?
One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versio
msrc
CVE-2024-32487 | HIGH | CVSS 8.6 | 2024-04-09
CVE-2024-32487 [HIGH] CWE-96 less through 653 allows OS command execution via a newline character in the name of a file because quoting is mishandled in filename.c. Exploitation typically requires use with attacker-controlled file names such as the files extracted from an untrusted archive. Exploit
msrc
CVE-2024-31583 | HIGH | CVSS 7.8 | 2024-04-09
CVE-2024-31583 [HIGH] CWE-416 Pytorch before version v2.2.0 was discovered to contain a use-after-free vulnerability in torch/csrc/jit/mobile/interpreter.cpp.
FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?
One of the main benefits to our customers who choose to use the
msrc
CVE-2024-22189 | HIGH | CVSS 7.5 | 2024-04-09
CVE-2024-22189 [HIGH] CWE-770 QUIC's Connection ID Mechanism vulnerable to Memory Exhaustion Attack
FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?
One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open s
msrc