Msrc Cbl Mariner 2.0 X64 vulnerabilities
1,677 known vulnerabilities affecting msrc/cbl_mariner_2.0_x64.
Total CVEs: 1,677
CISA KEV: 8 (actively exploited)
Public exploits: 16
Exploited in wild: 8
Severity breakdown: CRITICAL 92, HIGH 705, MEDIUM 842, LOW 38
Vulnerabilities
Page 19 of 84
CVE-2024-46819 | MEDIUM | CVSS 5.5 | 2024-09-10
CVE-2024-46819 [MEDIUM] CWE-476 drm/amdgpu: the warning dereferencing obj for nbio_v7_4
FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?
One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed.
msrc
CVE-2024-44969 | MEDIUM | CVSS 5.5 | 2024-09-10
CVE-2024-44969 [MEDIUM] CWE-401 s390/sclp: Prevent release of buffer in I/O
msrc
CVE-2024-20506 | MEDIUM | CVSS 6.1 | 2024-09-10
CVE-2024-20506 [MEDIUM] CWE-754 ClamAV Privilege Handling Escalation Vulnerability
msrc
CVE-2024-46707 | MEDIUM | CVSS 5.5 | 2024-09-10
CVE-2024-46707 [MEDIUM] CWE-476 KVM: arm64: Make ICC_*SGI*_EL1 undef in the absence of a vGICv3
msrc
CVE-2024-46739 | MEDIUM | CVSS 5.5 | 2024-09-10
CVE-2024-46739 [MEDIUM] CWE-476 uio_hv_generic: Fix kernel NULL pointer dereference in hv_uio_rescind
msrc
CVE-2024-45009 | MEDIUM | CVSS 5.5 | 2024-09-10
CVE-2024-45009 [MEDIUM] mptcp: pm: only decrement add_addr_accepted for MPJ req
msrc
CVE-2024-44965 | MEDIUM | CVSS 5.5 | 2024-09-10
CVE-2024-44965 [MEDIUM] x86/mm: Fix pti_clone_pgtable() alignment assumption
msrc
CVE-2024-0133 | LOW | CVSS 3.4 | 2024-09-10
CVE-2024-0133 [MEDIUM] CWE-367 NVIDIA Container Toolkit 1.16.1 or earlier contains a vulnerability in the default mode of operation allowing a specially crafted container image to create empty files on the host file system. This does not impact use cases where CDI is used. A successful exploit of t
msrc
CVE-2024-42461 | CRITICAL | CVSS 9.1 | 2024-08-13
CVE-2024-42461 [CRITICAL] CWE-347 In the Elliptic package 6.5.6 for Node.js ECDSA signature malleability occurs because BER-encoded signatures are allowed.
msrc
CVE-2024-45491 | CRITICAL | CVSS 9.8 | 2024-08-13
CVE-2024-45491 [CRITICAL] CWE-190 An issue was discovered in libexpat before 2.6.3. dtdCopy in xmlparse.c can have an integer overflow for nDefaultAtts on 32-bit platforms (where UINT_MAX equals SIZE_MAX).
msrc
CVE-2024-45492 | CRITICAL | CVSS 9.8 | 2024-08-13
CVE-2024-45492 [CRITICAL] CWE-190 An issue was discovered in libexpat before 2.6.3. nextScaffoldPart in xmlparse.c can have an integer overflow for m_groupSize on 32-bit platforms (where UINT_MAX equals SIZE_MAX).
msrc
CVE-2022-2601 | HIGH | CVSS 8.6 | 2024-08-13
CVE-2022-2601 [HIGH] CWE-121 Redhat: CVE-2022-2601 grub2 - Buffer overflow in grub_font_construct_glyph() can lead to out-of-bound write and possible secure boot bypass
NIST NVD Details: https://nvd.nist.gov/vuln/detail/CVE-2022-2601
FAQ: Windows 11, version 24H2 is not generally available yet. Why are there updates for this version of Windows listed in th
msrc
CVE-2024-43873 | HIGH | CVSS 7.8 | 2024-08-13
CVE-2024-43873 [HIGH] CWE-909 vhost/vsock: always initialize seqpacket_allow
msrc
CVE-2024-42285 | HIGH | CVSS 7.8 | 2024-08-13
CVE-2024-42285 [HIGH] CWE-416 RDMA/iwcm: Fix a use-after-free related to destroying CM IDs
msrc
CVE-2024-42280 | HIGH | CVSS 7.8 | 2024-08-13
CVE-2024-42280 [HIGH] CWE-416 mISDN: Fix a use after free in hfcmulti_tx()
msrc
CVE-2024-42284 | HIGH | CVSS 7.8 | 2024-08-13
CVE-2024-42284 [HIGH] CWE-754 tipc: Return non-zero value from tipc_udp_addr2str() on error
msrc
CVE-2024-7592 | HIGH | CVSS 7.5 | 2024-08-13
CVE-2024-7592 [HIGH] CWE-1333 Quadratic complexity parsing cookies with backslashes
msrc
CVE-2024-7383 | HIGH | CVSS 7.4 | 2024-08-13
CVE-2024-7383 [HIGH] CWE-295 Libnbd: nbd server improper certificate validation
msrc
CVE-2024-42302 | HIGH | CVSS 7.8 | 2024-08-13
CVE-2024-42302 [HIGH] CWE-416 PCI/DPC: Fix use-after-free on concurrent DPC and hot-removal
msrc
CVE-2024-44070 | HIGH | CVSS 7.5 | 2024-08-13
CVE-2024-44070 [HIGH] An issue was discovered in FRRouting (FRR) through 10.1. bgp_attr_encap in bgpd/bgp_attr.c does not check the actual remaining stream length before taking the TLV value.
msrc