Msrc Cbl Mariner 2.0 X64 vulnerabilities

CVE-2024-53057 [HIGH] CWE-416 net/sched: stop qdisc_tree_reduce_backlog on TC_H_ROOT net/sched: stop qdisc_tree_reduce_backlog on TC_H_ROOT FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the

CVE-2024-50268 [HIGH] CWE-125 usb: typec: fix potential out of bounds in ucsi_ccg_update_set_new_cam_cmd() usb: typec: fix potential out of bounds in ucsi_ccg_update_set_new_cam_cmd() FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions

CVE-2024-50127 [HIGH] CWE-416 net: sched: fix use-after-free in taprio_change() net: sched: fix use-after-free in taprio_change() FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is

CVE-2024-25431 [HIGH] CWE-125 An issue in bytecodealliance wasm-micro-runtime before v.b3f728c and fixed in commit 06df58f allows a remote attacker to escalate privileges via a crafted file to the check_was_abi_compatibility funct An issue in bytecodealliance wasm-micro-runtime before v.b3f728c and fixed in commit 06df58f allows a remote attacker to escalate privileges via a crafted file to the check_was_abi_compatibility function. FAQ: Is Azure Linux the only Microsoft product that includes th

CVE-2024-53059 [HIGH] wifi: iwlwifi: mvm: Fix response handling in iwl_mvm_send_recovery_cmd() wifi: iwlwifi: mvm: Fix response handling in iwl_mvm_send_recovery_cmd() FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open sou

CVE-2024-50257 [HIGH] CWE-416 netfilter: Fix use-after-free in get_info() netfilter: Fix use-after-free in get_info() FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. M

CVE-2024-50186 [HIGH] CWE-416 net: explicitly clear the sk pointer, when pf->create fails net: explicitly clear the sk pointer, when pf->create fails FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with

CVE-2024-50151 [HIGH] CWE-787 smb: client: fix OOBs when building SMB2_IOCTL request smb: client: fix OOBs when building SMB2_IOCTL request FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the

CVE-2024-50154 [HIGH] CWE-416 tcp/dccp: Don't use timer_pending() in reqsk_queue_unlink(). tcp/dccp: Don't use timer_pending() in reqsk_queue_unlink(). FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries wi

CVE-2024-50262 [HIGH] CWE-787 bpf: Fix out-of-bounds write in trie_get_next_key() bpf: Fix out-of-bounds write in trie_get_next_key() FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distr

CVE-2024-52336 [HIGH] CWE-269 Tuned: `script_pre` and `script_post` options allow to pass arbitrary scripts executed by root Tuned: `script_pre` and `script_post` options allow to pass arbitrary scripts executed by root FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the

CVE-2024-50279 [HIGH] dm cache: fix out-of-bounds access to the dirty bitset when resizing dm cache: fix out-of-bounds access to the dirty bitset when resizing FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libr

CVE-2024-50234 [HIGH] CWE-367 wifi: iwlegacy: Clear stale interrupts before resuming device wifi: iwlegacy: Clear stale interrupts before resuming device FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries

CVE-2024-50282 [HIGH] CWE-120 drm/amdgpu: add missing size check in amdgpu_debugfs_gprwave_read() drm/amdgpu: add missing size check in amdgpu_debugfs_gprwave_read() FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open sourc

CVE-2024-36623 [HIGH] CWE-362 moby through v25.0.3 has a Race Condition vulnerability in the streamformatter package which can be used to trigger multiple concurrent write operations resulting in data corruption or application cra moby through v25.0.3 has a Race Condition vulnerability in the streamformatter package which can be used to trigger multiple concurrent write operations resulting in data corruption or application crashes. FAQ: Is Azure Linux the only Microsoft product that includes t

CVE-2024-27532 [HIGH] CWE-476 wasm-micro-runtime (aka WebAssembly Micro Runtime or WAMR) 06df58f is vulnerable to NULL Pointer Dereference in function `block_type_get_result_types. wasm-micro-runtime (aka WebAssembly Micro Runtime or WAMR) 06df58f is vulnerable to NULL Pointer Dereference in function `block_type_get_result_types. FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main bene

CVE-2024-11234 [MEDIUM] CWE-20 Configuring a proxy in a stream context might allow for CRLF injection in URIs Configuring a proxy in a stream context might allow for CRLF injection in URIs FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure ver

CVE-2024-50131 [HIGH] CWE-120 tracing: Consider the NULL character when validating the event length tracing: Consider the NULL character when validating the event length FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open s

CVE-2024-50301 [HIGH] CWE-125 security/keys: fix slab-out-of-bounds in key_task_permission security/keys: fix slab-out-of-bounds in key_task_permission FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries wi

CVE-2024-50180 [HIGH] CWE-787 fbdev: sisfb: Fix strbuf array overflow fbdev: sisfb: Fix strbuf array overflow FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft