Msrc Cbl Mariner 2.0 Arm vulnerabilities

CVE-2022-1353 [HIGH] CWE-200 A vulnerability was found in the pfkey_register function in net/key/af_key.c in the Linux kernel. This flaw allows a local unprivileged user to gain access to kernel memory leading to a system crash o A vulnerability was found in the pfkey_register function in net/key/af_key.c in the Linux kernel. This flaw allows a local unprivileged user to gain access to kernel memory leading to a system crash or a leak of internal kernel information. FAQ: Is Azure Linux the only

CVE-2021-3847 [HIGH] CWE-281 An unauthorized access to the execution of the setuid file with capabilities flaw in the Linux kernel OverlayFS subsystem was found in the way user copying a capable file from a nosuid mount into anot An unauthorized access to the execution of the setuid file with capabilities flaw in the Linux kernel OverlayFS subsystem was found in the way user copying a capable file from a nosuid mount into another mount. A local user could use this flaw to escalate their privileg

CVE-2021-4207 [HIGH] CWE-362 A flaw was found in the QXL display device emulation in QEMU. A double fetch of guest controlled values `cursor->header.width` and `cursor->header.height` can lead to the allocation of a small cursor A flaw was found in the QXL display device emulation in QEMU. A double fetch of guest controlled values `cursor->header.width` and `cursor->header.height` can lead to the allocation of a small cursor object followed by a subsequent heap-based buffer overflow. A maliciou

CVE-2022-27649 [HIGH] CWE-276 A flaw was found in Podman where containers were started incorrectly with non-empty default permissions. A vulnerability was found in Moby (Docker Engine) where containers were started incorrectly wit A flaw was found in Podman where containers were started incorrectly with non-empty default permissions. A vulnerability was found in Moby (Docker Engine) where containers were started incorrectly with non-empty inheritable Linux process capabilities. This flaw allows

CVE-2022-24795 [MEDIUM] CWE-122 Buffer Overflow and Integer Overflow in yajl-ruby Buffer Overflow and Integer Overflow in yajl-ruby FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro

CVE-2022-1015 [MEDIUM] CWE-787 A flaw was found in the Linux kernel in linux/net/netfilter/nf_tables_api.c of the netfilter subsystem. This flaw allows a local user to cause an out-of-bounds write issue. A flaw was found in the Linux kernel in linux/net/netfilter/nf_tables_api.c of the netfilter subsystem. This flaw allows a local user to cause an out-of-bounds write issue. FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affecte

CVE-2022-24736 [LOW] CWE-476 A Malformed Lua script can crash Redis A Malformed Lua script can crash Redis FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is

CVE-2022-21451 [MEDIUM] Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 5.7.37 and prior and 8.0.28 and prior. Difficult to exploit vulnerability allows Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 5.7.37 and prior and 8.0.28 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to com

CVE-2022-21482 [MEDIUM] Vulnerability in the MySQL Cluster product of Oracle MySQL (component: Cluster: General). Supported versions that are affected are 8.0.28 and prior. Difficult to exploit vulnerability allows high priv Vulnerability in the MySQL Cluster product of Oracle MySQL (component: Cluster: General). Supported versions that are affected are 8.0.28 and prior. Difficult to exploit vulnerability allows high privileged attacker with access to the physical communication segment attached

CVE-2022-21479 [MEDIUM] Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.28 and prior. Easily exploitable vulnerability allows high privil Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.28 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQ

CVE-2022-27651 [MEDIUM] CWE-276 A flaw was found in buildah where containers were incorrectly started with non-empty default permissions. A bug was found in Moby (Docker Engine) where containers were incorrectly started with non-emp A flaw was found in buildah where containers were incorrectly started with non-empty default permissions. A bug was found in Moby (Docker Engine) where containers were incorrectly started with non-empty inheritable Linux process capabilities enabling an attacker with

CVE-2022-28506 [MEDIUM] CWE-787 There is a heap-buffer-overflow in GIFLIB 5.2.1 function DumpScreen2RGB() in gif2rgb.c:298:45. There is a heap-buffer-overflow in GIFLIB 5.2.1 function DumpScreen2RGB() in gif2rgb.c:298:45. FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with th

CVE-2022-21483 [MEDIUM] Vulnerability in the MySQL Cluster product of Oracle MySQL (component: Cluster: General). Supported versions that are affected are 7.4.35 and prior 7.5.25 and prior 7.6.21 and prior and 8.0.28 and pri Vulnerability in the MySQL Cluster product of Oracle MySQL (component: Cluster: General). Supported versions that are affected are 7.4.35 and prior 7.5.25 and prior 7.6.21 and prior and 8.0.28 and prior. Difficult to exploit vulnerability allows high privileged attacker with

CVE-2022-29869 [MEDIUM] CWE-532 cifs-utils through 6.14 with verbose logging can cause an information leak when a file contains = (equal sign) characters but is not a valid credentials file. cifs-utils through 6.14 with verbose logging can cause an information leak when a file contains = (equal sign) characters but is not a valid credentials file. FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? On

CVE-2022-21478 [MEDIUM] Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.28 and prior. Easily exploitable vulnerability allows high privil Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.28 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQ

CVE-2022-1195 [MEDIUM] CWE-416 A use-after-free vulnerability was found in the Linux kernel in drivers/net/hamradio. This flaw allows a local attacker with a user privilege to cause a denial of service (DOS) when the mkiss or sixpa A use-after-free vulnerability was found in the Linux kernel in drivers/net/hamradio. This flaw allows a local attacker with a user privilege to cause a denial of service (DOS) when the mkiss or sixpack device is detached and reclaim resources early. FAQ: Is Azure Li

CVE-2022-21484 [LOW] Vulnerability in the MySQL Cluster product of Oracle MySQL (component: Cluster: General). Supported versions that are affected are 7.4.35 and prior 7.5.25 and prior 7.6.21 and prior and 8.0.28 and pri Vulnerability in the MySQL Cluster product of Oracle MySQL (component: Cluster: General). Supported versions that are affected are 7.4.35 and prior 7.5.25 and prior 7.6.21 and prior and 8.0.28 and prior. Difficult to exploit vulnerability allows high privileged attacker with ac

CVE-2022-21485 [LOW] Vulnerability in the MySQL Cluster product of Oracle MySQL (component: Cluster: General). Supported versions that are affected are 7.4.35 and prior 7.5.25 and prior 7.6.21 and prior and 8.0.28 and pri Vulnerability in the MySQL Cluster product of Oracle MySQL (component: Cluster: General). Supported versions that are affected are 7.4.35 and prior 7.5.25 and prior 7.6.21 and prior and 8.0.28 and prior. Difficult to exploit vulnerability allows high privileged attacker with ac

CVE-2022-21486 [LOW] Vulnerability in the MySQL Cluster product of Oracle MySQL (component: Cluster: General). Supported versions that are affected are 7.4.35 and prior 7.5.25 and prior 7.6.21 and prior and 8.0.28 and pri Vulnerability in the MySQL Cluster product of Oracle MySQL (component: Cluster: General). Supported versions that are affected are 7.4.35 and prior 7.5.25 and prior 7.6.21 and prior and 8.0.28 and prior. Difficult to exploit vulnerability allows high privileged attacker with ac

CVE-2022-24735 [LOW] CWE-94 Lua scripts can be manipulated to overcome ACL rules in Redis Lua scripts can be manipulated to overcome ACL rules in Redis FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries wi