Msrc Cbl Mariner 2.0 X64 vulnerabilities

CVE-2024-50039 [MEDIUM] CWE-476 net/sched: accept TCA_STAB only for root qdisc net/sched: accept TCA_STAB only for root qdisc FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is com

CVE-2024-47705 [MEDIUM] CWE-476 block: fix potential invalid pointer dereference in blk_add_partition block: fix potential invalid pointer dereference in blk_add_partition FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open

CVE-2024-21239 [MEDIUM] Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.39 and prior 8.4.2 and prior and 9.0.1 and prior. Easily exploitable vulne Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.39 and prior 8.4.2 and prior and 9.0.1 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple pro

CVE-2024-47554 [MEDIUM] CWE-400 Apache Commons IO: Possible denial of service attack on untrusted input to XmlStreamReader Apache Commons IO: Possible denial of service attack on untrusted input to XmlStreamReader FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most r

CVE-2024-49863 [MEDIUM] CWE-476 vhost/scsi: null-ptr-dereference in vhost_scsi_get_req() vhost/scsi: null-ptr-dereference in vhost_scsi_get_req() FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with whi

CVE-2024-49879 [MEDIUM] CWE-476 drm: omapdrm: Add missing check for alloc_ordered_workqueue drm: omapdrm: Add missing check for alloc_ordered_workqueue FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries wi

CVE-2024-49902 [MEDIUM] jfs: check if leafidx greater than num leaves per dmap tree jfs: check if leafidx greater than num leaves per dmap tree FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which

CVE-2024-49927 [MEDIUM] x86/ioapic: Handle allocation failures gracefully x86/ioapic: Handle allocation failures gracefully FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is compo

CVE-2024-49948 [MEDIUM] net: add more sanity checks to qdisc_pkt_len_init() net: add more sanity checks to qdisc_pkt_len_init() FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is c

CVE-2024-21201 [MEDIUM] Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.39 and prior 8.4.2 and prior and 9.0.1 and prior. Easily exploi Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.39 and prior 8.4.2 and prior and 9.0.1 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via m

CVE-2024-49949 [MEDIUM] net: avoid potential underflow in qdisc_pkt_len_init() with UFO net: avoid potential underflow in qdisc_pkt_len_init() with UFO FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries wi

CVE-2024-49965 [MEDIUM] CWE-667 ocfs2: remove unreasonable unlock in ocfs2_read_blocks ocfs2: remove unreasonable unlock in ocfs2_read_blocks FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which t

CVE-2024-49933 [MEDIUM] blk_iocost: fix more out of bound shifts blk_iocost: fix more out of bound shifts FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is

CVE-2024-42934 [MEDIUM] CWE-862 OpenIPMI before 2.0.36 has an out-of-bounds array access (for authentication type) in the ipmi_sim simulator resulting in denial of service or (with very low probability) authentication bypass or code OpenIPMI before 2.0.36 has an out-of-bounds array access (for authentication type) in the ipmi_sim simulator resulting in denial of service or (with very low probability) authentication bypass or code execution. FAQ: Is Azure Linux the only Microsoft product that in

CVE-2024-21241 [MEDIUM] Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.39 and prior 8.4.2 and prior and 9.0.1 and prior. Easily exploi Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.39 and prior 8.4.2 and prior and 9.0.1 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via m

CVE-2024-49871 [MEDIUM] CWE-476 Input: adp5589-keys - fix NULL pointer dereference Input: adp5589-keys - fix NULL pointer dereference FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distr

CVE-2024-9143 [MEDIUM] CWE-787 Low-level invalid GF(2^m) parameters lead to OOB memory access Low-level invalid GF(2^m) parameters lead to OOB memory access FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source librari

CVE-2024-21236 [MEDIUM] Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.39 and prior 8.4.2 and prior and 9.0.1 and prior. Easily exploitable vulne Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.39 and prior 8.4.2 and prior and 9.0.1 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple pro

CVE-2024-50015 [MEDIUM] ext4: dax: fix overflowing extents beyond inode size when partially writing ext4: dax: fix overflowing extents beyond inode size when partially writing FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the

CVE-2024-9676 [MEDIUM] CWE-22 Podman: buildah: cri-o: symlink traversal vulnerability in the containers/storage library can cause denial of service (dos) Podman: buildah: cri-o: symlink traversal vulnerability in the containers/storage library can cause denial of service (dos) FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linu