Msrc Cbl Mariner 2.0 Arm vulnerabilities

CVE-2022-23551 [MEDIUM] CWE-1259 AAD Pod Identity obtaining token with backslash AAD Pod Identity obtaining token with backslash FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is

CVE-2022-4662 [MEDIUM] CWE-455 A flaw incorrect access control in the Linux kernel USB core subsystem was found in the way user attaches usb device. A local user could use this flaw to crash the system. A flaw incorrect access control in the Linux kernel USB core subsystem was found in the way user attaches usb device. A local user could use this flaw to crash the system. FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected

CVE-2022-41900 [HIGH] CWE-787 FractionalMaxPool and FractionalAVGPool heap out-of-bounds acess in Tensorflow FractionalMaxPool and FractionalAVGPool heap out-of-bounds acess in Tensorflow FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure vers

CVE-2022-41880 [MEDIUM] CWE-125 ThreadUnsafeUnigramCandidateSampler Heap out of bounds in Tensorflow ThreadUnsafeUnigramCandidateSampler Heap out of bounds in Tensorflow FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open s

CVE-2022-41911 [MEDIUM] CWE-704 Invalid char to bool conversion when printing a tensor in Tensorflow Invalid char to bool conversion when printing a tensor in Tensorflow FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open s

CVE-2022-41886 [MEDIUM] CWE-131 Overflow in `ImageProjectiveTransformV2` in Tensorflow Overflow in `ImageProjectiveTransformV2` in Tensorflow FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which t

CVE-2022-41895 [MEDIUM] CWE-125 `MirrorPadGrad` heap out of bounds read in Tensorflow `MirrorPadGrad` heap out of bounds read in Tensorflow FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the

CVE-2022-42919 [HIGH] Python 3.9.x before 3.9.16 and 3.10.x before 3.10.9 on Linux allows local privilege escalation in a non-default configuration. The Python multiprocessing library when used with the forkserver start me Python 3.9.x before 3.9.16 and 3.10.x before 3.10.9 on Linux allows local privilege escalation in a non-default configuration. The Python multiprocessing library when used with the forkserver start method on Linux allows pickles to be deserialized from any user in the same mac

CVE-2022-41884 [MEDIUM] CWE-670 Seg fault in `ndarray_tensor_bridge` due to zero and large inputs in Tensorflow Seg fault in `ndarray_tensor_bridge` due to zero and large inputs in Tensorflow FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure

CVE-2022-41891 [MEDIUM] CWE-20 Segfault in `tf.raw_ops.TensorListConcat` in Tensorflow Segfault in `tf.raw_ops.TensorListConcat` in Tensorflow FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which

CVE-2022-41909 [MEDIUM] CWE-476 Segfault in `CompositeTensorVariantToComponents` in Tensorflow Segfault in `CompositeTensorVariantToComponents` in Tensorflow FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source librar

CVE-2022-41888 [MEDIUM] CWE-20 Unckecked rank size in `tf.image.generate_bounding_box_proposals` in Tensorflow Unckecked rank size in `tf.image.generate_bounding_box_proposals` in Tensorflow FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure v

CVE-2022-45934 [HIGH] CWE-190 An issue was discovered in the Linux kernel through 6.0.10. l2cap_config_req in net/bluetooth/l2cap_core.c has an integer wraparound via L2CAP_CONF_REQ packets. An issue was discovered in the Linux kernel through 6.0.10. l2cap_config_req in net/bluetooth/l2cap_core.c has an integer wraparound via L2CAP_CONF_REQ packets. FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?

CVE-2022-41897 [MEDIUM] CWE-125 `FractionalMaxPoolGrad` Heap out of bounds read in Tensorflow `FractionalMaxPoolGrad` Heap out of bounds read in Tensorflow FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source librarie

CVE-2022-41907 [MEDIUM] CWE-131 Overflow in `ResizeNearestNeighborGrad` in Tensorflow Overflow in `ResizeNearestNeighborGrad` in Tensorflow FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the

CVE-2022-41896 [MEDIUM] CWE-1284 `tf.raw_ops.Mfcc` crashes in Tensorflow `tf.raw_ops.Mfcc` crashes in Tensorflow FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Micros

CVE-2022-41894 [HIGH] CWE-120 Buffer overflow in `CONV_3D_TRANSPOSE` on TFLite Buffer overflow in `CONV_3D_TRANSPOSE` on TFLite FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is c

CVE-2022-41901 [MEDIUM] CWE-617 `CHECK_EQ` fail via input in `SparseMatrixNNZ` in Tensorflow `CHECK_EQ` fail via input in `SparseMatrixNNZ` in Tensorflow FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries

CVE-2022-41899 [MEDIUM] CWE-617 `CHECK` fail via inputs in `SdcaOptimizer` in Tensorflow `CHECK` fail via inputs in `SdcaOptimizer` in Tensorflow FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with whi

CVE-2022-3872 [HIGH] CWE-193 An off-by-one read/write issue was found in the SDHCI device of QEMU. It occurs when reading/writing the Buffer Data Port Register in sdhci_read_dataport and sdhci_write_dataport respectively if data_ An off-by-one read/write issue was found in the SDHCI device of QEMU. It occurs when reading/writing the Buffer Data Port Register in sdhci_read_dataport and sdhci_write_dataport respectively if data_count == block_size. A malicious guest could use this flaw to crash th