Msrc Cbl Mariner 2.0 X64 vulnerabilities

CVE-2024-7347 [MEDIUM] CWE-125 NGINX MP4 module vulnerability NGINX MP4 module vulnerability FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to

CVE-2024-43909 [MEDIUM] CWE-476 drm/amdgpu/pm: Fix the null pointer dereference for smu7 drm/amdgpu/pm: Fix the null pointer dereference for smu7 FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with whi

CVE-2024-42460 [MEDIUM] CWE-130 In the Elliptic package 6.5.6 for Node.js ECDSA signature malleability occurs because there is a missing check for whether the leading bit of r and s is zero. In the Elliptic package 6.5.6 for Node.js ECDSA signature malleability occurs because there is a missing check for whether the leading bit of r and s is zero. FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? On

CVE-2024-43893 [MEDIUM] CWE-369 serial: core: check uartclk for zero to avoid divide by zero serial: core: check uartclk for zero to avoid divide by zero FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries

CVE-2024-43829 [MEDIUM] CWE-476 drm/qxl: Add check for drm_cvt_mode drm/qxl: Add check for drm_cvt_mode FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is co

CVE-2024-43855 [MEDIUM] CWE-476 md: fix deadlock between mddev_suspend and flush bio md: fix deadlock between mddev_suspend and flush bio FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the d

CVE-2024-43905 [MEDIUM] CWE-476 drm/amd/pm: Fix the null pointer dereference for vega10_hwmgr drm/amd/pm: Fix the null pointer dereference for vega10_hwmgr FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source librarie

CVE-2024-42353 [MEDIUM] CWE-601 WebOb's location header normalization during redirect leads to open redirect WebOb's location header normalization during redirect leads to open redirect FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versio

CVE-2024-44944 [MEDIUM] CWE-401 netfilter: ctnetlink: use helper function to calculate expect ID netfilter: ctnetlink: use helper function to calculate expect ID FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source li

CVE-2024-42240 [MEDIUM] CWE-835 x86/bhi: Avoid warning in #DB handler due to BHI mitigation x86/bhi: Avoid warning in #DB handler due to BHI mitigation FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries wi

CVE-2024-42288 [MEDIUM] CWE-787 scsi: qla2xxx: Fix for possible memory corruption scsi: qla2xxx: Fix for possible memory corruption FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro

CVE-2024-43817 [MEDIUM] net: missing check virtio net: missing check virtio FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in t

CVE-2024-43871 [MEDIUM] CWE-401 devres: Fix memory leakage caused by driver API devm_free_percpu() devres: Fix memory leakage caused by driver API devm_free_percpu() FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open sourc

CVE-2024-42289 [MEDIUM] CWE-476 scsi: qla2xxx: During vport delete send async logout explicitly scsi: qla2xxx: During vport delete send async logout explicitly FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libr

CVE-2024-43884 [MEDIUM] CWE-476 Bluetooth: MGMT: Add error handling to pair_device() Bluetooth: MGMT: Add error handling to pair_device() FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the d

CVE-2024-43890 [MEDIUM] CWE-190 tracing: Fix overflow in get_free_elt() tracing: Fix overflow in get_free_elt() FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microso

CVE-2024-42287 [MEDIUM] CWE-476 scsi: qla2xxx: Complete command early within lock scsi: qla2xxx: Complete command early within lock FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro

CVE-2024-1543 [MEDIUM] CWE-208 AES T-Table sub-cache-line leakage AES T-Table sub-cache-line leakage FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is commi

CVE-2024-43856 [MEDIUM] CWE-770 dma: fix call order in dmam_free_coherent dma: fix call order in dmam_free_coherent FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Mic

CVE-2024-42283 [MEDIUM] CWE-908 net: nexthop: Initialize all fields in dumped nexthops net: nexthop: Initialize all fields in dumped nexthops FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which t