Msrc Cbl Mariner 2.0 Arm vulnerabilities

CVE-2024-49997 [HIGH] CWE-212 net: ethernet: lantiq_etop: fix memory disclosure net: ethernet: lantiq_etop: fix memory disclosure FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is

CVE-2024-49930 [HIGH] CWE-129 wifi: ath11k: fix array out-of-bound access in SoC stats wifi: ath11k: fix array out-of-bound access in SoC stats FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which

CVE-2024-8927 [HIGH] cgi.force_redirect configuration is bypassable due to the environment variable collision cgi.force_redirect configuration is bypassable due to the environment variable collision FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most

CVE-2024-49936 [HIGH] CWE-416 net/xen-netback: prevent UAF in xenvif_flush_hash() net/xen-netback: prevent UAF in xenvif_flush_hash() FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distr

CVE-2024-47747 [HIGH] CWE-416 net: seeq: Fix use after free vulnerability in ether3 Driver Due to Race Condition net: seeq: Fix use after free vulnerability in ether3 Driver Due to Race Condition FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most sec

CVE-2024-49895 [HIGH] CWE-129 drm/amd/display: Fix index out of bounds in DCN30 degamma hardware format translation drm/amd/display: Fix index out of bounds in DCN30 degamma hardware format translation FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and mo

CVE-2024-47748 [HIGH] CWE-416 vhost_vdpa: assign irq bypass producer token correctly vhost_vdpa: assign irq bypass producer token correctly FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the

CVE-2024-47696 [HIGH] CWE-416 RDMA/iwcm: Fix WARNING:at_kernel/workqueue.c:#check_flush_dependency RDMA/iwcm: Fix WARNING:at_kernel/workqueue.c:#check_flush_dependency FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open sou

CVE-2024-47757 [HIGH] CWE-125 nilfs2: fix potential oob read in nilfs_btree_check_delete() nilfs2: fix potential oob read in nilfs_btree_check_delete() FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries wi

CVE-2024-49982 [HIGH] CWE-416 aoe: fix the potential use-after-free problem in more places aoe: fix the potential use-after-free problem in more places FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries wi

CVE-2024-9632 [HIGH] CWE-122 Xorg-x11-server: tigervnc: heap-based buffer overflow privilege escalation vulnerability Xorg-x11-server: tigervnc: heap-based buffer overflow privilege escalation vulnerability FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent a

CVE-2024-47701 [HIGH] CWE-416 ext4: avoid OOB when system.data xattr changes underneath the filesystem ext4: avoid OOB when system.data xattr changes underneath the filesystem FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the

CVE-2024-49995 [HIGH] tipc: guard against string buffer overrun tipc: guard against string buffer overrun FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is

CVE-2024-49981 [HIGH] CWE-362 media: venus: fix use after free bug in venus_remove due to race condition media: venus: fix use after free bug in venus_remove due to race condition FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of

CVE-2024-49900 [HIGH] CWE-908 jfs: Fix uninit-value access of new_ea in ea_buffer jfs: Fix uninit-value access of new_ea in ea_buffer FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distr

CVE-2024-47695 [HIGH] CWE-787 RDMA/rtrs-clt: Reset cid to con_num - 1 to stay in bounds RDMA/rtrs-clt: Reset cid to con_num - 1 to stay in bounds FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with whi

CVE-2024-49983 [HIGH] CWE-415 ext4: drop ppath from ext4_ext_replay_update_ex() to avoid double-free ext4: drop ppath from ext4_ext_replay_update_ex() to avoid double-free FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open

CVE-2024-6197 [HIGH] CWE-590 Hackerone: CVE-2024-6197 Freeing stack buffer in utf8asn1str Hackerone: CVE-2024-6197 Freeing stack buffer in utf8asn1str NIST NVD Details: https://nvd.nist.gov/vuln/detail/CVE-2024-6197 FAQ: According to the CVSS metric, the attack vector is network (AV:N) and the user interaction is required (UI:R). What is the target context of the remote code execution? This attack requires a client to connect to a malicious server, and that could allow the attacker to gain cod

CVE-2024-47698 [HIGH] CWE-787 drivers: media: dvb-frontends/rtl2832: fix an out-of-bounds write error drivers: media: dvb-frontends/rtl2832: fix an out-of-bounds write error FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the op

CVE-2024-8926 [CRITICAL] CWE-78 PHP CGI Parameter Injection Vulnerability (CVE-2024-4577 bypass) PHP CGI Parameter Injection Vulnerability (CVE-2024-4577 bypass) FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source li