Msrc Cbl Mariner 2.0 X64 vulnerabilities

CVE-2024-1545 [MEDIUM] CWE-1256 Fault Injection of RSA encryption in WolfCrypt Fault Injection of RSA encryption in WolfCrypt FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is com

CVE-2023-49582 [MEDIUM] CWE-732 Apache Portable Runtime (APR): Unexpected lax shared memory permissions Apache Portable Runtime (APR): Unexpected lax shared memory permissions FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the

CVE-2024-43168 [MEDIUM] CWE-122 Unbound: heap-buffer-overflow in unbound Unbound: heap-buffer-overflow in unbound FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Micro

CVE-2024-8006 [MEDIUM] CWE-476 NULL pointer dereference in libpcap before 1.10.5 with remote packet capture support NULL pointer dereference in libpcap before 1.10.5 with remote packet capture support FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and mos

CVE-2024-43892 [MEDIUM] memcg: protect concurrent access to mem_cgroup_idr memcg: protect concurrent access to mem_cgroup_idr FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is com

CVE-2024-43889 [MEDIUM] CWE-369 padata: Fix possible divide-by-0 panic in padata_mt_helper() padata: Fix possible divide-by-0 panic in padata_mt_helper() FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries

CVE-2024-42270 [MEDIUM] CWE-476 netfilter: iptables: Fix null-ptr-deref in iptable_nat_table_init(). netfilter: iptables: Fix null-ptr-deref in iptable_nat_table_init(). FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open s

CVE-2023-7256 [MEDIUM] CWE-415 Double-free in libpcap before 1.10.5 with remote packet capture support. Double-free in libpcap before 1.10.5 with remote packet capture support. FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the

CVE-2024-44935 [MEDIUM] CWE-476 sctp: Fix null-ptr-deref in reuseport_add_sock(). sctp: Fix null-ptr-deref in reuseport_add_sock(). FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro

CVE-2024-5814 [MEDIUM] CWE-284 Unverifed Ciphersuite used on a client-side TLS1.3 Downgrade Unverifed Ciphersuite used on a client-side TLS1.3 Downgrade FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries w

CVE-2024-43914 [MEDIUM] md/raid5: avoid BUG_ON() while continue reshape after reassembling md/raid5: avoid BUG_ON() while continue reshape after reassembling FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source librar

CVE-2024-41957 [MEDIUM] CWE-415 Vim double free in src/alloc.c:616 Vim double free in src/alloc.c:616 FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is comm

CVE-2024-43861 [MEDIUM] CWE-401 net: usb: qmi_wwan: fix memory leak for not ip packets net: usb: qmi_wwan: fix memory leak for not ip packets FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which t

CVE-2024-43806 [MEDIUM] CWE-400 `rustix::fs::Dir` iterator with the `linux_raw` backend can cause memory explosion `rustix::fs::Dir` iterator with the `linux_raw` backend can cause memory explosion FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most s

CVE-2024-42259 [MEDIUM] CWE-131 drm/i915/gem: Fix Virtual Memory mapping boundaries calculation drm/i915/gem: Fix Virtual Memory mapping boundaries calculation FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libr

CVE-2024-42459 [MEDIUM] CWE-347 In the Elliptic package 6.5.6 for Node.js EDDSA signature malleability occurs because there is a missing signature length check and thus zero-valued bytes can be removed or appended. In the Elliptic package 6.5.6 for Node.js EDDSA signature malleability occurs because there is a missing signature length check and thus zero-valued bytes can be removed or appended. FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefor

CVE-2024-43863 [MEDIUM] CWE-667 drm/vmwgfx: Fix a deadlock in dma buf fence polling drm/vmwgfx: Fix a deadlock in dma buf fence polling FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the dis

CVE-2024-43897 [MEDIUM] net: drop bad gso csum_start and offset in virtio_net_hdr net: drop bad gso csum_start and offset in virtio_net_hdr FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the

CVE-2024-43902 [MEDIUM] CWE-476 drm/amd/display: Add null checker before passing variables drm/amd/display: Add null checker before passing variables FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with

CVE-2024-42269 [MEDIUM] CWE-476 netfilter: iptables: Fix potential null-ptr-deref in ip6table_nat_table_init(). netfilter: iptables: Fix potential null-ptr-deref in ip6table_nat_table_init(). FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure