Msrc Cbl Mariner 2.0 Arm vulnerabilities
1,677 known vulnerabilities affecting msrc/cbl_mariner_2.0_arm.
Total CVEs: 1,677
CISA KEV: 8 (actively exploited)
Public exploits: 16
Exploited in wild: 8
Severity breakdown: CRITICAL 92, HIGH 705, MEDIUM 842, LOW 38
Vulnerabilities
Page 43 of 84
CVE-2023-6121 | MEDIUM | CVSS 4.3 | 2023-11-14
CVE-2023-6121 [MEDIUM] CWE-125 Kernel: nvme: info leak due to out-of-bounds read in nvmet_ctrl_find_get
FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?
One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the
msrc
CVE-2023-4535 | LOW | CVSS 3.8 | 2023-11-14
CVE-2023-4535 [MEDIUM] CWE-125 Opensc: out-of-bounds read in myeid driver handling encryption using symmetric keys
FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?
One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most
msrc
CVE-2023-46853 | CRITICAL | CVSS 9.8 | 2023-10-10
CVE-2023-46853 [CRITICAL] CWE-193 In Memcached before 1.6.22 an off-by-one error exists when processing proxy requests in proxy mode if \n is used instead of \r\n.
FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?
One of the main benefits to our customers who choose to us
msrc
CVE-2023-45853 | CRITICAL | CVSS 9.8 | 2023-10-10
CVE-2023-45853 [CRITICAL] CWE-190 MiniZip in zlib through 1.3 has an integer overflow and resultant heap-based buffer overflow in zipOpenNewFileInZip4_64 via a long filename comment or extra field. NOTE: MiniZip is not a supported part of the zlib product. NOTE: pyminizip through 0.2.6 is also vuln
msrc
CVE-2023-4692 | HIGH | CVSS 7.5 | 2023-10-10
CVE-2023-4692 [HIGH] CWE-787 Grub2: out-of-bounds write at fs/ntfs.c may lead to unsigned code execution
FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?
One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of
msrc
CVE-2023-46129 | HIGH | CVSS 7.5 | 2023-10-10
CVE-2023-46129 [HIGH] CWE-321 xkeys Seal encryption used fixed key for all encryption
FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?
One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which t
msrc
CVE-2023-5717 | HIGH | CVSS 7.8 | 2023-10-10
CVE-2023-5717 [HIGH] CWE-787 Out-of-bounds write in Linux kernel's Linux Kernel Performance Events (perf) component
FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?
One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and m
msrc
CVE-2023-34059 | HIGH | CVSS 7.0 | 2023-10-10
CVE-2023-34059 [HIGH] open-vm-tools contains a file descriptor hijack vulnerability in the vmware-user-suid-wrapper. A malicious actor with non-root privileges may be able to hijack the /dev/uinput file descriptor allowing them to simulate user inputs.
FAQ: Is Azure Linux the only Microsoft produc
msrc
CVE-2023-5345 | HIGH | CVSS 7.8 | 2023-10-10
CVE-2023-5345 [HIGH] CWE-416 Use-after-free in Linux kernel's fs/smb/client component
FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?
One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which
msrc
CVE-2023-43615 | HIGH | CVSS 7.5 | 2023-10-10
CVE-2023-43615 [HIGH] CWE-120 Mbed TLS 2.x before 2.28.5 and 3.x before 3.5.0 has a Buffer Overflow.
FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?
One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open
msrc
CVE-2023-5535 | HIGH | CVSS 7.8 | 2023-10-10
CVE-2023-5535 [HIGH] CWE-416 Use After Free in vim/vim
FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?
One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency
msrc
CVE-2023-46813 | HIGH | CVSS 7.0 | 2023-10-10
CVE-2023-46813 [HIGH] An issue was discovered in the Linux kernel before 6.5.9 exploitable by local users with userspace access to MMIO registers. Incorrect access checking in the #VC handler and instruction emulation of the SEV-ES emulation of MMIO accesses could lead to arbitrary write access to
msrc
CVE-2023-45142 | HIGH | CVSS 7.5 | 2023-10-10
CVE-2023-45142 [HIGH] CWE-770 OpenTelemetry-Go Contrib has DoS vulnerability in otelhttp due to unbound cardinality metrics
FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?
One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the mo
msrc
CVE-2023-5633 | HIGH | CVSS 7.8 | 2023-10-10
CVE-2023-5633 [HIGH] CWE-416 Kernel: vmwgfx: reference count issue leads to use-after-free in surface handling
FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?
One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure
msrc
CVE-2023-4911 | HIGH | CVSS 7.8 | KEV | PoC | 2023-10-10
CVE-2023-4911 [HIGH] CWE-787 Glibc: buffer overflow in ld.so leading to privilege escalation
FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?
One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source librari
msrc
CVE-2023-46852 | HIGH | CVSS 7.5 | 2023-10-10
CVE-2023-46852 [HIGH] CWE-120 In Memcached before 1.6.22 a buffer overflow exists when processing multiget requests in proxy mode if there are many spaces after the "get" substring.
FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?
One of the main be
msrc
CVE-2023-46136 | HIGH | CVSS 8.0 | 2023-10-10
CVE-2023-46136 [HIGH] CWE-787 Werkzeug vulnerable to high resource usage when parsing multipart/form-data containing a large part with CR/LF character at the beginning
FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?
One of the main benefits to our customers who
msrc
CVE-2023-5363 | HIGH | CVSS 7.5 | 2023-10-10
CVE-2023-5363 [HIGH] CWE-684 Incorrect cipher key & IV length processing
FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?
One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Mi
msrc
CVE-2023-39325 | HIGH | CVSS 7.5 | 2023-10-10
CVE-2023-39325 [HIGH] CWE-770 HTTP/2 rapid reset can cause excessive work in net/http
FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?
One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which t
msrc
CVE-2023-4693 | MEDIUM | CVSS 4.6 | 2023-10-10
CVE-2023-4693 [MEDIUM] CWE-125 Grub2: out-of-bounds read at fs/ntfs.c
FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?
One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft
msrc